Windows Analysis Report
New order 2025.msg

Overview

General Information

Sample name: New order 2025.msg
Analysis ID: 1585316
MD5: 090fa1528dc91da7a535993ca87e0a86
SHA1: db19834414aa418e7ed18c4b7bd15dda358d937d
SHA256: 45c96d5abea74039cdcc0c3cd8210068c214551ccc8b330a37c00ee9ab2181fd

Detection

PureLog Stealer, Snake Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Sigma detected: Scheduled temp file as task from temp location
Yara detected AntiVM3
Yara detected PureLog Stealer
Yara detected Snake Keylogger
AI detected potential phishing Email
Drops PE files with a suspicious file extension
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Office Autorun Keys Modification
Sigma detected: Outlook Security Settings Updated - Registry
Sigma detected: SCR File Write Event
Sigma detected: Suspicious Schtasks From Env Var Folder
Sigma detected: Suspicious Screensaver Binary File Creation
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 3528 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\New order 2025.msg" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 5612 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "B65E71DD-699D-4A31-947E-78B44A854717" "CB8A9D4D-D8A9-4176-AD4D-6D8604D2A761" "3528" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
  • OpenWith.exe (PID: 5252 cmdline: C:\Windows\system32\OpenWith.exe -Embedding MD5: E4A834784FA08C17D47A1E72429C5109)
  • 7zFM.exe (PID: 6700 cmdline: "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\user\Desktop\Order_List.rar" MD5: 30AC0B832D75598FB3EC37B6F2A8C86A)
  • Order_List.scr (PID: 5400 cmdline: "C:\Users\user\Desktop\Order_List.scr" /S MD5: 78A62A23291A3C7907E947BC9F270E09)
    • schtasks.exe (PID: 3580 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FTlLqTRGrXZr" /XML "C:\Users\user\AppData\Local\Temp\tmp180E.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 5056 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Order_List.scr (PID: 6864 cmdline: "C:\Users\user\Desktop\Order_List.scr" MD5: 78A62A23291A3C7907E947BC9F270E09)
  • Order_List.scr (PID: 2680 cmdline: C:\Users\user\Desktop\Order_List.scr /p 197754 MD5: 78A62A23291A3C7907E947BC9F270E09)
    • schtasks.exe (PID: 1924 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FTlLqTRGrXZr" /XML "C:\Users\user\AppData\Local\Temp\tmp38E5.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 5368 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Order_List.scr (PID: 1940 cmdline: "C:\Users\user\Desktop\Order_List.scr" MD5: 78A62A23291A3C7907E947BC9F270E09)
  • Order_List.scr (PID: 2220 cmdline: "C:\Users\user\Desktop\Order_List.scr" MD5: 78A62A23291A3C7907E947BC9F270E09)
    • schtasks.exe (PID: 3608 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FTlLqTRGrXZr" /XML "C:\Users\user\AppData\Local\Temp\tmp60CF.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 2872 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Order_List.scr (PID: 3184 cmdline: "C:\Users\user\Desktop\Order_List.scr" MD5: 78A62A23291A3C7907E947BC9F270E09)
  • Order_List.scr (PID: 1248 cmdline: "C:\Users\user\Desktop\Order_List.scr" /S MD5: 78A62A23291A3C7907E947BC9F270E09)
    • schtasks.exe (PID: 3936 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FTlLqTRGrXZr" /XML "C:\Users\user\AppData\Local\Temp\tmp74B5.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 4132 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Order_List.scr (PID: 4404 cmdline: "C:\Users\user\Desktop\Order_List.scr" MD5: 78A62A23291A3C7907E947BC9F270E09)
  • Order_List.scr (PID: 1140 cmdline: C:\Users\user\Desktop\Order_List.scr /p 197890 MD5: 78A62A23291A3C7907E947BC9F270E09)
    • schtasks.exe (PID: 4128 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FTlLqTRGrXZr" /XML "C:\Users\user\AppData\Local\Temp\tmp95CA.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 3632 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Order_List.scr (PID: 6328 cmdline: "C:\Users\user\Desktop\Order_List.scr" MD5: 78A62A23291A3C7907E947BC9F270E09)
    • Order_List.scr (PID: 6608 cmdline: "C:\Users\user\Desktop\Order_List.scr" MD5: 78A62A23291A3C7907E947BC9F270E09)
  • ssText3d.scr (PID: 6856 cmdline: C:\Windows\system32\ssText3d.scr /p 197890 MD5: 7631304F6B2B9DDCA51CE680A491A538)
  • ssText3d.scr (PID: 5252 cmdline: C:\Windows\system32\ssText3d.scr /p 197890 MD5: 7631304F6B2B9DDCA51CE680A491A538)
  • OpenWith.exe (PID: 1072 cmdline: C:\Windows\system32\OpenWith.exe -Embedding MD5: E4A834784FA08C17D47A1E72429C5109)
  • 7zFM.exe (PID: 5348 cmdline: "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\user\Desktop\Order_List.rar" MD5: 30AC0B832D75598FB3EC37B6F2A8C86A)
    • notepad.exe (PID: 4636 cmdline: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\AppData\Local\Temp\7zO4E440DCC\version.txt MD5: 27F71B12CB585541885A31BE22F61C83)
  • cleanup
Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"Exfil Mode": "Telegram", "Telegram URL": "https://api.telegram.org/bot7888110857:AAH_lE30nomQfyzYUPPXbGWeGI9ffBUijsQ/sendMessage?chat_id=7222025033", "Token": "7888110857:AAH_lE30nomQfyzYUPPXbGWeGI9ffBUijsQ", "Chat_id": "7222025033", "Version": "5.1"}
Source: 00000019.00000002.2462283908.000000000041B000.00000040.00000400.00020000.00000000.sdmp, Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Author: Joe Security
Source: 00000019.00000002.2462283908.000000000041B000.00000040.00000400.00020000.00000000.sdmp, Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Author: ditekSHen, Strings:
  • 0x894:$x1: $%SMTPDV$
  • 0x83c:$x3: %FTPDV$
  • 0x860:$m2: Clipboard Logs ID
  • 0xa9e:$m2: Screenshot Logs ID
  • 0xbae:$m2: keystroke Logs ID
  • 0xe88:$m3: SnakePW
  • 0xa76:$m4: \SnakeKeylogger\
Source: 0000001D.00000002.2462387893.000000000041A000.00000040.00000400.00020000.00000000.sdmp, Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Author: Joe Security
Source: 00000029.00000002.2497138207.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Author: Joe Security
Source: 00000011.00000002.1783811478.0000000004489000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Author: Joe Security

          System Summary

          Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 3528, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
          Source: Registry Key set, Author: frack113: Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\BW66IBE9\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 3528, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder
          Source: File created, Author: Christopher Peacock @securepeacock, SCYTHE @scythe_io: Data: EventID: 11, Image: C:\Program Files\7-Zip\7zFM.exe, ProcessId: 6700, TargetFilename: C:\Users\user\AppData\Local\Temp\7zEC2A483AB\Order_List.scr
          Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FTlLqTRGrXZr" /XML "C:\Users\user\AppData\Local\Temp\tmp180E.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FTlLqTRGrXZr" /XML "C:\Users\user\AppData\Local\Temp\tmp180E.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\Order_List.scr" /S, ParentImage: C:\Users\user\Desktop\Order_List.scr, ParentProcessId: 5400, ParentProcessName: Order_List.scr, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FTlLqTRGrXZr" /XML "C:\Users\user\AppData\Local\Temp\tmp180E.tmp", ProcessId: 3580, ProcessName: schtasks.exe
          Source: File created, Author: frack113: Data: EventID: 11, Image: C:\Program Files\7-Zip\7zFM.exe, ProcessId: 6700, TargetFilename: C:\Users\user\AppData\Local\Temp\7zEC2A483AB\Order_List.scr

          Persistence and Installation Behavior

          Source: Process started, Author: Joe Security: Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FTlLqTRGrXZr" /XML "C:\Users\user\AppData\Local\Temp\tmp180E.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FTlLqTRGrXZr" /XML "C:\Users\user\AppData\Local\Temp\tmp180E.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\Order_List.scr" /S, ParentImage: C:\Users\user\Desktop\Order_List.scr, ParentProcessId: 5400, ParentProcessName: Order_List.scr, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FTlLqTRGrXZr" /XML "C:\Users\user\AppData\Local\Temp\tmp180E.tmp", ProcessId: 3580, ProcessName: schtasks.exe
          Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
          2025-01-07T14:02:00.021731+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.18 | 49709 | 188.114.97.3 | 443 | TCP
          2025-01-07T14:02:07.605172+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.18 | 49723 | 188.114.97.3 | 443 | TCP
          2025-01-07T14:02:18.129918+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.18 | 49739 | 188.114.97.3 | 443 | TCP
          2025-01-07T14:02:22.858665+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.18 | 49749 | 188.114.97.3 | 443 | TCP
          2025-01-07T14:02:31.423685+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.18 | 49769 | 188.114.97.3 | 443 | TCP

          Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
          2025-01-07T14:01:58.508583+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.18 | 49707 | 193.122.6.168 | 80 | TCP
          2025-01-07T14:01:59.448592+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.18 | 49707 | 193.122.6.168 | 80 | TCP
          2025-01-07T14:02:00.729597+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.18 | 49710 | 193.122.6.168 | 80 | TCP
          2025-01-07T14:02:06.149601+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.18 | 49719 | 193.122.6.168 | 80 | TCP
          2025-01-07T14:02:07.028602+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.18 | 49719 | 193.122.6.168 | 80 | TCP
          2025-01-07T14:02:08.334906+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.18 | 49725 | 193.122.6.168 | 80 | TCP
          2025-01-07T14:02:09.607599+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.18 | 49727 | 193.122.6.168 | 80 | TCP
          2025-01-07T14:02:16.582607+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.18 | 49737 | 193.122.6.168 | 80 | TCP
          2025-01-07T14:02:17.556613+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.18 | 49737 | 193.122.6.168 | 80 | TCP
          2025-01-07T14:02:18.833624+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.18 | 49740 | 193.122.6.168 | 80 | TCP
          2025-01-07T14:02:21.352622+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.18 | 49744 | 193.122.6.168 | 80 | TCP
          2025-01-07T14:02:22.294022+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.18 | 49744 | 193.122.6.168 | 80 | TCP
          2025-01-07T14:02:23.392614+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.18 | 49751 | 193.122.130.0 | 80 | TCP
          2025-01-07T14:02:30.118578+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.18 | 49766 | 193.122.130.0 | 80 | TCP
          2025-01-07T14:02:30.884588+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.18 | 49766 | 193.122.130.0 | 80 | TCP
          2025-01-07T14:02:32.022292+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.18 | 49770 | 193.122.130.0 | 80 | TCP

          AV Detection

          Source: 00000029.00000002.2497138207.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Telegram URL": "https://api.telegram.org/bot7888110857:AAH_lE30nomQfyzYUPPXbGWeGI9ffBUijsQ/sendMessage?chat_id=7222025033", "Token": "7888110857:AAH_lE30nomQfyzYUPPXbGWeGI9ffBUijsQ", "Chat_id": "7222025033", "Version": "5.1"}
          Source: C:\Users\user\AppData\Local\Temp\7zEC2A483AB\Order_List.scr, ReversingLabs: Detection: 21%
          Source: C:\Users\user\AppData\Roaming\FTlLqTRGrXZr.exe, ReversingLabs: Detection: 21%
          Source: C:\Users\user\AppData\Local\Temp\7zEC2A483AB\Order_List.scr, Joe Sandbox ML: detected
          Source: C:\Users\user\AppData\Roaming\FTlLqTRGrXZr.exe, Joe Sandbox ML: detected

          Location Tracking

          Source: unknown, DNS query: name: reallyfreegeoip.org

          Phishing

          Source: Email, Joe Sandbox AI: Detected potential phishing email: Sender email domain (creative-cork.com) doesn't match the claimed company (Egyptalum Ltd). Suspicious attachment with .rar format, commonly used in phishing to hide malware. Generic business inquiry to government email (buildingpermits) that doesn't match the context
          Source: Email, Classification: Lure-Based Attack
          Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.18:49708 version: TLS 1.0
          Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.18:49721 version: TLS 1.0
          Source: unknown, HTTPS traffic detected: 192.168.2.18:49730 -> 188.114.97.3:443 version: TLS 1.0
          Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.18:49738 version: TLS 1.0
          Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.18:49746 version: TLS 1.0
          Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.18:49768 version: TLS 1.0
          Source: unknown, HTTPS traffic detected: 192.168.2.18:49771 -> 188.114.97.3:443 version: TLS 1.0
          Source: global traffic, HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1, Host: reallyfreegeoip.org, Connection: Keep-Alive
          Source: global traffic, HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1, Host: reallyfreegeoip.org
          Source: Joe Sandbox View, IP Address: 188.114.97.3
          Source: Joe Sandbox View, IP Address: 193.122.6.168
          Source: Joe Sandbox View, JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
          Source: unknown, DNS query: name: checkip.dyndns.org
          Source: unknown, DNS query: name: reallyfreegeoip.org
          Source: Network traffic, Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.18:49710 -> 193.122.6.168:80
          Source: Network traffic, Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.18:49727 -> 193.122.6.168:80
          Source: Network traffic, Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.18:49770 -> 193.122.130.0:80
          Source: Network traffic, Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.18:49766 -> 193.122.130.0:80
          Source: Network traffic, Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.18:49744 -> 193.122.6.168:80
          Source: Network traffic, Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.18:49725 -> 193.122.6.168:80
          Source: Network traffic, Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.18:49707 -> 193.122.6.168:80
          Source: Network traffic, Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.18:49751 -> 193.122.130.0:80
          Source: Network traffic, Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.18:49719 -> 193.122.6.168:80
          Source: Network traffic, Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.18:49740 -> 193.122.6.168:80
          Source: Network traffic, Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.18:49737 -> 193.122.6.168:80
          Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.18:49749 -> 188.114.97.3:443
          Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.18:49739 -> 188.114.97.3:443
          Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.18:49709 -> 188.114.97.3:443
          Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.18:49723 -> 188.114.97.3:443
          Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.18:49769 -> 188.114.97.3:443
          Source: global traffic, HTTP traffic detected: GET / HTTP/1.1, User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;), Host: checkip.dyndns.org, Connection: Keep-Alive
          Source: global traffic, HTTP traffic detected: GET / HTTP/1.1, User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;), Host: checkip.dyndns.org
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
          Source: unknown HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.18:49708 version: TLS 1.0
          Source: unknown HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.18:49721 version: TLS 1.0
          Source: unknown HTTPS traffic detected: 192.168.2.18:49730 -> 188.114.97.3:443 version: TLS 1.0
          Source: unknown HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.18:49738 version: TLS 1.0
          Source: unknown HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.18:49746 version: TLS 1.0
          Source: unknown HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.18:49768 version: TLS 1.0
          Source: unknown HTTPS traffic detected: 192.168.2.18:49771 -> 188.114.97.3:443 version: TLS 1.0
          Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: global traffic HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
          Source: global traffic HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org
          Source: global traffic DNS traffic detected: DNS query: checkip.dyndns.org
          Source: global traffic DNS traffic detected: DNS query: reallyfreegeoip.org
          Source: Order_List.scr String found in binary or memory: http://checkip.dyndns.com
          Source: Order_List.scr String found in binary or memory: http://checkip.dyndns.org
          Source: Order_List.scr String found in binary or memory: http://checkip.dyndns.org/
          Source: Order_List.scr String found in binary or memory: http://checkip.dyndns.org/q
          Source: Order_List.scr String found in binary or memory: http://checkip.dyndns.orgx
          Source: 7zFM.exe, Order_List.scr.15.dr, FTlLqTRGrXZr.exe.17.dr String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
          Source: 7zFM.exe, Order_List.scr.15.dr, FTlLqTRGrXZr.exe.17.dr String found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
          Source: 7zFM.exe, Order_List.scr.15.dr, FTlLqTRGrXZr.exe.17.dr String found in binary or memory: http://ocsp.comodoca.com0
          Source: Order_List.scr String found in binary or memory: http://reallyfreegeoip.org
          Source: Order_List.scr String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
          Source: Order_List.scr String found in binary or memory: https://reallyfreegeoip.org
          Source: Order_List.scr String found in binary or memory: https://reallyfreegeoip.org/xml/
          Source: Order_List.scr String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189
          Source: Order_List.scr, 00000014.00000002.2491373165.0000000002EA5000.00000004.00000800.00020000.00000000.sdmp, Order_List.scr, 00000014.00000002.2491373165.0000000002F1E000.00000004.00000800.00020000.00000000.sdmp, Order_List.scr, 00000014.00000002.2491373165.0000000002EF5000.00000004.00000800.00020000.00000000.sdmp, Order_List.scr, 00000014.00000002.2491373165.0000000002F4B000.00000004.00000800.00020000.00000000.sdmp, Order_List.scr, 00000014.00000002.2491373165.0000000002F10000.00000004.00000800.00020000.00000000.sdmp, Order_List.scr, 00000014.00000002.2491373165.0000000002F02000.00000004.00000800.00020000.00000000.sdmp, Order_List.scr, 00000019.00000002.2496690861.0000000002AD6000.00000004.00000800.00020000.00000000.sdmp, Order_List.scr, 00000019.00000002.2496690861.0000000002AF1000.00000004.00000800.00020000.00000000.sdmp, Order_List.scr, 00000019.00000002.2496690861.0000000002B3A000.00000004.00000800.00020000.00000000.sdmp, Order_List.scr, 00000019.00000002.2496690861.0000000002A86000.00000004.00000800.00020000.00000000.sdmp, Order_List.scr, 00000019.00000002.2496690861.0000000002AFE000.00000004.00000800.00020000.00000000.sdmp, Order_List.scr, 00000019.00000002.2496690861.0000000002B2C000.00000004.00000800.00020000.00000000.sdmp, Order_List.scr, 00000019.00000002.2496690861.0000000002AE3000.00000004.00000800.00020000.00000000.sdmp, Order_List.scr, 0000001D.00000002.2500727360.0000000003366000.00000004.00000800.00020000.00000000.sdmp, Order_List.scr, 0000001D.00000002.2500727360.00000000033B6000.00000004.00000800.00020000.00000000.sdmp, Order_List.scr, 0000001D.00000002.2500727360.00000000033C3000.00000004.00000800.00020000.00000000.sdmp, Order_List.scr, 0000001D.00000002.2500727360.000000000340C000.00000004.00000800.00020000.00000000.sdmp, Order_List.scr, 0000001D.00000002.2500727360.00000000033D1000.00000004.00000800.00020000.00000000.sdmp, Order_List.scr, 00000021.00000002.2499992401.0000000003621000.00000004.00000800.00020000.00000000.sdmp, 
Order_List.scr, 00000021.00000002.2499992401.0000000003606000.00000004.00000800.00020000.00000000.sdmp, Order_List.scr, 00000021.00000002.2499992401.000000000362F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189$
          Source: Order_List.scr, 00000014.00000002.2491373165.0000000002E62000.00000004.00000800.00020000.00000000.sdmp, Order_List.scr, 00000019.00000002.2496690861.0000000002A43000.00000004.00000800.00020000.00000000.sdmp, Order_List.scr, 0000001D.00000002.2500727360.0000000003323000.00000004.00000800.00020000.00000000.sdmp, Order_List.scr, 00000021.00000002.2499992401.0000000003574000.00000004.00000800.00020000.00000000.sdmp, Order_List.scr, 00000029.00000002.2497138207.0000000003024000.00000004.00000800.00020000.00000000.sdmp, Order_List.scr, 00000029.00000002.2497138207.000000000311B000.00000004.00000800.00020000.00000000.sdmp, Order_List.scr, 00000029.00000002.2497138207.00000000030DF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189x
          Source: 7zFM.exe, 0000000F.00000003.1516854428.000001C16EE80000.00000004.00000800.00020000.00000000.sdmp, 7zFM.exe, 0000000F.00000003.1539112335.000001C170A3E000.00000004.00000020.00020000.00000000.sdmp, 7zFM.exe, 0000000F.00000003.1538885914.000001C16EE81000.00000004.00000020.00020000.00000000.sdmp, 7zFM.exe, 0000000F.00000003.1630731860.000001C170A3E000.00000004.00000020.00020000.00000000.sdmp, 7zFM.exe, 0000000F.00000003.1630648461.000001C16EF2C000.00000004.00000020.00020000.00000000.sdmp, 7zFM.exe, 0000000F.00000003.1539369564.000001C170AEB000.00000004.00000020.00020000.00000000.sdmp, 7zFM.exe, 0000002E.00000002.2488632713.0000019AAA4DB000.00000004.00000020.00020000.00000000.sdmp, 7zFM.exe, 0000002E.00000003.2346795878.0000019AAB84C000.00000004.00000020.00020000.00000000.sdmp, 7zFM.exe, 0000002E.00000002.2496806627.0000019AAB84C000.00000004.00000020.00020000.00000000.sdmp, Order_List.scr.15.dr, FTlLqTRGrXZr.exe.17.dr String found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0
          Source: C:\Program Files\7-Zip\7zFM.exe Window created: window name: CLIPBRDWNDCLASS

          System Summary

          Source: 00000019.00000002.2462283908.000000000041B000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects Snake Keylogger Author: ditekSHen
          Source: 00000011.00000002.1783811478.0000000004489000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 00000011.00000002.1783811478.0000000004489000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects Snake Keylogger Author: ditekSHen
          Source: Process Memory Space: Order_List.scr PID: 5400, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: Process Memory Space: Order_List.scr PID: 5400, type: MEMORYSTR Matched rule: Detects Snake Keylogger Author: ditekSHen
          Source: Process Memory Space: Order_List.scr PID: 1940, type: MEMORYSTR Matched rule: Detects Snake Keylogger Author: ditekSHen
          Source: 00000019.00000002.2462283908.000000000041B000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
          Source: 00000011.00000002.1783811478.0000000004489000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 00000011.00000002.1783811478.0000000004489000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
          Source: Process Memory Space: Order_List.scr PID: 5400, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: Process Memory Space: Order_List.scr PID: 5400, type: MEMORYSTR Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
          Source: Process Memory Space: Order_List.scr PID: 1940, type: MEMORYSTR Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
          Source: Order_List.scr.15.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: FTlLqTRGrXZr.exe.17.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: classification engine Classification label: mal100.troj.spyw.evad.winMSG@43/14@3/3
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
          Source: C:\Users\user\Desktop\Order_List.scr Mutant created: NULL
          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4132:120:WilError_03
          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5056:120:WilError_03
          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5368:120:WilError_03
          Source: C:\Users\user\Desktop\Order_List.scr Mutant created: \Sessions\1\BaseNamedObjects\laoeILYAWbYsBdVIYEa
          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3632:120:WilError_03
          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2872:120:WilError_03
          Source: C:\Windows\System32\OpenWith.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5252:120:WilError_03
          Source: C:\Windows\System32\OpenWith.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1072:120:WilError_03
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20250107T0801000560-3528.etl
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File read: C:\Users\desktop.ini
          Source: C:\Windows\System32\OpenWith.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: Order_List.scr, 00000014.00000002.2491373165.0000000003011000.00000004.00000800.00020000.00000000.sdmp, Order_List.scr, 00000014.00000002.2520951524.0000000003E2B000.00000004.00000800.00020000.00000000.sdmp, Order_List.scr, 00000014.00000002.2491373165.0000000003005000.00000004.00000800.00020000.00000000.sdmp, Order_List.scr, 00000014.00000002.2491373165.0000000002FBF000.00000004.00000800.00020000.00000000.sdmp, Order_List.scr, 00000014.00000002.2491373165.0000000002FCF000.00000004.00000800.00020000.00000000.sdmp, Order_List.scr, 00000014.00000002.2491373165.0000000002FDD000.00000004.00000800.00020000.00000000.sdmp, Order_List.scr, 00000019.00000002.2496690861.0000000002BE5000.00000004.00000800.00020000.00000000.sdmp, Order_List.scr, 00000019.00000002.2496690861.0000000002BBE000.00000004.00000800.00020000.00000000.sdmp, Order_List.scr, 00000019.00000002.2496690861.0000000002BAF000.00000004.00000800.00020000.00000000.sdmp, Order_List.scr, 00000019.00000002.2496690861.0000000002BF2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
          Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\New order 2025.msg"
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "B65E71DD-699D-4A31-947E-78B44A854717" "CB8A9D4D-D8A9-4176-AD4D-6D8604D2A761" "3528" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
          Source: unknown Process created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding
          Source: unknown Process created: C:\Program Files\7-Zip\7zFM.exe "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\user\Desktop\Order_List.rar"
          Source: unknown Process created: C:\Users\user\Desktop\Order_List.scr "C:\Users\user\Desktop\Order_List.scr" /S
          Source: C:\Users\user\Desktop\Order_List.scr Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FTlLqTRGrXZr" /XML "C:\Users\user\AppData\Local\Temp\tmp180E.tmp"
          Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\Order_List.scr Process created: C:\Users\user\Desktop\Order_List.scr "C:\Users\user\Desktop\Order_List.scr"
          Source: unknown Process created: C:\Users\user\Desktop\Order_List.scr C:\Users\user\Desktop\Order_List.scr /p 197754
          Source: C:\Users\user\Desktop\Order_List.scr Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FTlLqTRGrXZr" /XML "C:\Users\user\AppData\Local\Temp\tmp38E5.tmp"
          Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\Order_List.scr Process created: C:\Users\user\Desktop\Order_List.scr "C:\Users\user\Desktop\Order_List.scr"
          Source: unknown Process created: C:\Users\user\Desktop\Order_List.scr "C:\Users\user\Desktop\Order_List.scr"
          Source: C:\Users\user\Desktop\Order_List.scr Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FTlLqTRGrXZr" /XML "C:\Users\user\AppData\Local\Temp\tmp60CF.tmp"
          Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\Order_List.scr Process created: C:\Users\user\Desktop\Order_List.scr "C:\Users\user\Desktop\Order_List.scr"
          Source: unknown Process created: C:\Users\user\Desktop\Order_List.scr "C:\Users\user\Desktop\Order_List.scr" /S
          Source: C:\Users\user\Desktop\Order_List.scr Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FTlLqTRGrXZr" /XML "C:\Users\user\AppData\Local\Temp\tmp74B5.tmp"
          Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\Order_List.scr Process created: C:\Users\user\Desktop\Order_List.scr "C:\Users\user\Desktop\Order_List.scr"
          Source: unknown Process created: C:\Users\user\Desktop\Order_List.scr C:\Users\user\Desktop\Order_List.scr /p 197890
          Source: C:\Users\user\Desktop\Order_List.scr Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FTlLqTRGrXZr" /XML "C:\Users\user\AppData\Local\Temp\tmp95CA.tmp"
          Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\Order_List.scr Process created: C:\Users\user\Desktop\Order_List.scr "C:\Users\user\Desktop\Order_List.scr"
          Source: C:\Users\user\Desktop\Order_List.scr Process created: C:\Users\user\Desktop\Order_List.scr "C:\Users\user\Desktop\Order_List.scr"
          Source: unknown Process created: C:\Windows\System32\ssText3d.scr C:\Windows\system32\ssText3d.scr /p 197890
          Source: unknown Process created: C:\Windows\System32\ssText3d.scr C:\Windows\system32\ssText3d.scr /p 197890
          Source: unknown Process created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding
          Source: unknown Process created: C:\Program Files\7-Zip\7zFM.exe "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\user\Desktop\Order_List.rar"
          Source: C:\Program Files\7-Zip\7zFM.exe Process created: C:\Windows\System32\notepad.exe "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\AppData\Local\Temp\7zO4E440DCC\version.txt
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: mscoree.dllJump to behavior
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: version.dllJump to behavior
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: profapi.dllJump to behavior
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: cryptsp.dllJump to behavior
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: rsaenh.dllJump to behavior
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: cryptbase.dllJump to behavior
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: dwrite.dllJump to behavior
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: windowscodecs.dllJump to behavior
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: userenv.dllJump to behavior
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: msasn1.dllJump to behavior
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: gpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: textshaping.dllJump to behavior
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: textinputframework.dllJump to behavior
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: coreuicomponents.dllJump to behavior
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: coremessaging.dllJump to behavior
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: ntmarta.dllJump to behavior
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: wintypes.dllJump to behavior
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: wintypes.dllJump to behavior
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: wintypes.dllJump to behavior
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: propsys.dllJump to behavior
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: edputil.dllJump to behavior
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: urlmon.dllJump to behavior
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: iertutil.dllJump to behavior
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: srvcli.dllJump to behavior
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: netutils.dllJump to behavior
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: windows.staterepositoryps.dllJump to behavior
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: appresolver.dllJump to behavior
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: bcp47langs.dllJump to behavior
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: slc.dllJump to behavior
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: sppc.dllJump to behavior
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: onecorecommonproxystub.dllJump to behavior
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: onecoreuapcommonproxystub.dllJump to behavior
          Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
          Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
          Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: mscoree.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: kernel.appcore.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: version.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: vcruntime140_clr0400.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: ucrtbase_clr0400.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: uxtheme.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: windows.storage.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: wldp.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: profapi.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: cryptsp.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: rsaenh.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: cryptbase.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: rasapi32.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: rasman.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: rtutils.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: mswsock.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: winhttp.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: ondemandconnroutehelper.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: iphlpapi.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: dhcpcsvc6.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: dhcpcsvc.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: dnsapi.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: winnsi.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: rasadhlp.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: fwpuclnt.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: secur32.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: sspicli.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: schannel.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: mskeyprotect.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: ntasn1.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: ncrypt.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: ncryptsslp.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: msasn1.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: gpapi.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: dpapi.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: mscoree.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: kernel.appcore.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: version.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: vcruntime140_clr0400.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: ucrtbase_clr0400.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: ucrtbase_clr0400.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: uxtheme.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: windows.storage.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: wldp.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: profapi.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: cryptsp.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: rsaenh.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: cryptbase.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: dwrite.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: windowscodecs.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: amsi.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: userenv.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: msasn1.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: gpapi.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: textshaping.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: textinputframework.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: coreuicomponents.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: coremessaging.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: ntmarta.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: wintypes.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: wintypes.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: wintypes.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: propsys.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: edputil.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: urlmon.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: iertutil.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: srvcli.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: netutils.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: windows.staterepositoryps.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: sspicli.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: appresolver.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: bcp47langs.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: slc.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: sppc.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: onecorecommonproxystub.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: onecoreuapcommonproxystub.dll
          Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
          Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
          Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: mscoree.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: kernel.appcore.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: version.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: vcruntime140_clr0400.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: ucrtbase_clr0400.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: ucrtbase_clr0400.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: uxtheme.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: windows.storage.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: wldp.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: profapi.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: cryptsp.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: rsaenh.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: cryptbase.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: rasapi32.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: rasman.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: rtutils.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: mswsock.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: winhttp.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: ondemandconnroutehelper.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: iphlpapi.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: dhcpcsvc6.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: dhcpcsvc.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: dnsapi.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: winnsi.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: rasadhlp.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: fwpuclnt.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: secur32.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: sspicli.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: schannel.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: mskeyprotect.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: ntasn1.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: ncrypt.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: ncryptsslp.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: msasn1.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: gpapi.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: dpapi.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: mscoree.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: kernel.appcore.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: version.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: vcruntime140_clr0400.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: ucrtbase_clr0400.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: ucrtbase_clr0400.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: uxtheme.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: windows.storage.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: wldp.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: profapi.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: cryptsp.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: rsaenh.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: cryptbase.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: dwrite.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: windowscodecs.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: amsi.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: userenv.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: msasn1.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: gpapi.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: textshaping.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: textinputframework.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: coreuicomponents.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: coremessaging.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: ntmarta.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: wintypes.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: wintypes.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: wintypes.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: propsys.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: edputil.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: urlmon.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: iertutil.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: srvcli.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: netutils.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: windows.staterepositoryps.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: sspicli.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: appresolver.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: bcp47langs.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: slc.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: sppc.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: onecorecommonproxystub.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: onecoreuapcommonproxystub.dll
          Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
          Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
          Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: mscoree.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: kernel.appcore.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: version.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: vcruntime140_clr0400.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: ucrtbase_clr0400.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: uxtheme.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: windows.storage.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: wldp.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: profapi.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: cryptsp.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: rsaenh.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: cryptbase.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: rasapi32.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: rasman.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: rtutils.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: mswsock.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: winhttp.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: ondemandconnroutehelper.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: iphlpapi.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: dhcpcsvc6.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: dhcpcsvc.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: dnsapi.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: winnsi.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: rasadhlp.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: fwpuclnt.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: secur32.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: sspicli.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: schannel.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: mskeyprotect.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: ntasn1.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: ncrypt.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: ncryptsslp.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: msasn1.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: gpapi.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: dpapi.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: mscoree.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: kernel.appcore.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: version.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: vcruntime140_clr0400.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: ucrtbase_clr0400.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: uxtheme.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: windows.storage.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: wldp.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: profapi.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: cryptsp.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: rsaenh.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: cryptbase.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: dwrite.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: windowscodecs.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: amsi.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: userenv.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: msasn1.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: gpapi.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: textshaping.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: textinputframework.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: coreuicomponents.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: coremessaging.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: ntmarta.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: wintypes.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: wintypes.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: wintypes.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: propsys.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: edputil.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: urlmon.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: iertutil.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: srvcli.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: netutils.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: windows.staterepositoryps.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: sspicli.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: appresolver.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: bcp47langs.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: slc.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: sppc.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: onecorecommonproxystub.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: onecoreuapcommonproxystub.dll
          Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
          Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
          Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: mscoree.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: kernel.appcore.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: version.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: vcruntime140_clr0400.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: ucrtbase_clr0400.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: uxtheme.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: windows.storage.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: wldp.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: profapi.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: cryptsp.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: rsaenh.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: cryptbase.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: rasapi32.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: rasman.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: rtutils.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: mswsock.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: winhttp.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: ondemandconnroutehelper.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: iphlpapi.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: dhcpcsvc6.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: dhcpcsvc.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: dnsapi.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: winnsi.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: rasadhlp.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: fwpuclnt.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: secur32.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: sspicli.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: schannel.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: mskeyprotect.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: ntasn1.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: ncrypt.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: ncryptsslp.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: msasn1.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: gpapi.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: dpapi.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: mscoree.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: kernel.appcore.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: version.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: vcruntime140_clr0400.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: ucrtbase_clr0400.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: uxtheme.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: windows.storage.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: wldp.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: profapi.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: cryptsp.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: rsaenh.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: cryptbase.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: dwrite.dll
          Source: C:\Users\user\Desktop\Order_List.scrSection loaded: windowscodecs.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: amsi.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: userenv.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: msasn1.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: gpapi.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: textshaping.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: textinputframework.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: coreuicomponents.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: coremessaging.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: ntmarta.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: wintypes.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: propsys.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: edputil.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: urlmon.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: iertutil.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: srvcli.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: netutils.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: windows.staterepositoryps.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: sspicli.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: appresolver.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: bcp47langs.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: slc.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: sppc.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: onecorecommonproxystub.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: onecoreuapcommonproxystub.dll
          Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: kernel.appcore.dll
          Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: taskschd.dll
          Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: sspicli.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: mscoree.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: kernel.appcore.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: version.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: vcruntime140_clr0400.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: ucrtbase_clr0400.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: uxtheme.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: windows.storage.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: wldp.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: profapi.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: cryptsp.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: rsaenh.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: cryptbase.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: rasapi32.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: rasman.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: rtutils.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: mswsock.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: winhttp.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: ondemandconnroutehelper.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: iphlpapi.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: dhcpcsvc6.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: dhcpcsvc.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: dnsapi.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: winnsi.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: rasadhlp.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: fwpuclnt.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: secur32.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: sspicli.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: schannel.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: mskeyprotect.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: ntasn1.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: ncrypt.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: ncryptsslp.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: msasn1.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: gpapi.dll
          Source: C:\Users\user\Desktop\Order_List.scr Section loaded: dpapi.dll
          Source: C:\Windows\System32\ssText3d.scr Section loaded: winbrand.dll
          Source: C:\Windows\System32\ssText3d.scr Section loaded: d3d9.dll
          Source: C:\Windows\System32\ssText3d.scr Section loaded: glu32.dll
          Source: C:\Windows\System32\ssText3d.scr Section loaded: winmm.dll
          Source: C:\Windows\System32\ssText3d.scr Section loaded: kernel.appcore.dll
          Source: C:\Windows\System32\ssText3d.scr Section loaded: dwmapi.dll
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Window found: window name: SysTabControl32
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File opened: C:\Windows\SysWOW64\MsftEdit.dll
          Source: Window Recorder Window detected: More than 3 window changes detected
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Window detected: Number of UI elements: 16
          Source: C:\Users\user\Desktop\Order_List.scr File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
          Source: Order_List.scr.15.dr Static PE information: section name: .text entropy: 7.446253940033166
          Source: FTlLqTRGrXZr.exe.17.dr Static PE information: section name: .text entropy: 7.446253940033166

          Persistence and Installation Behavior

          Source: C:\Program Files\7-Zip\7zFM.exe File created: C:\Users\user\AppData\Local\Temp\7zEC2A483AB\Order_List.scr
          Source: C:\Users\user\Desktop\Order_List.scr File created: C:\Users\user\AppData\Roaming\FTlLqTRGrXZr.exe

          Boot Survival

          Source: C:\Users\user\Desktop\Order_List.scr Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FTlLqTRGrXZr" /XML "C:\Users\user\AppData\Local\Temp\tmp180E.tmp"
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Windows\System32\OpenWith.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scr Process information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Order_List.scrProcess information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: Yara matchFile source: Process Memory Space: Order_List.scr PID: 5400, type: MEMORYSTR
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 600000
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599889
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599778
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599666
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599555
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599443
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599317
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599189
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599061
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598949
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598837
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598725
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598613
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598485
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598357
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598245
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598134
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598022
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597910
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597783
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597655
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597543
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597431
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597319
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597207
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597079
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596951
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596838
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596729
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596617
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596505
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596377
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596250
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596140
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596028
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595916
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595804
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595693
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595565
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595423
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595295
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595183
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595071
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594959
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594831
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594703
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594592
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594480
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594368
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594257
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 600000
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599889
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599777
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599665
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599553
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599427
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599312
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599205
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599078
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598966
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598854
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598742
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598631
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598503
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598378
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598252
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598140
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598028
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597916
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597804
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597693
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597565
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597453
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597343
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597232
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597119
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597000
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596866
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596754
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596642
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596514
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596402
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596291
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596179
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596068
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595940
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595828
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595716
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595604
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595492
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595380
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595253
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595141
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595030
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594917
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594806
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594695
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594563
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594439
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594311
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 600000
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599874
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599763
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599651
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599538
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599427
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599299
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599171
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599061
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598949
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598837
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598725
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598614
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598487
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598359
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598248
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598136
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598024
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597913
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597799
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597673
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597545
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597433
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597322
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597209
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597083
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596955
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596827
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596716
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596604
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596492
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596380
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596252
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596125
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596014
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595902
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595790
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595679
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595567
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595440
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595320
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595201
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595090
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594978
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594866
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594754
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594627
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594499
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594388
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594276
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 600000
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599874
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599762
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599650
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599538
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599427
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599299
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599172
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599060
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598948
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598837
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598725
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598614
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598487
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598359
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598248
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598136
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598025
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597914
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597802
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597675
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597548
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597423
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597282
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597155
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597043
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596932
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596820
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596707
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596580
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596452
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596340
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596229
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596118
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596005
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595879
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595735
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595624
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595511
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595400
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595288
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595177
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595050
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594906
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594795
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594683
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594571
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594459
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594331
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594203
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 600000
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599888
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599776
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599665
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599553
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599425
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599282
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599156
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599044
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598909
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598789
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598661
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598533
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598405
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598293
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598181
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598070
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597958
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597831
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597687
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597575
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597463
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597351
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597239
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597111
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596983
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596871
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596759
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596647
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596535
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596407
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596279
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596168
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596056
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595945
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595832
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595705
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595577
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595465
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595354
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595243
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595132
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595021
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594893
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594751
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594623
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594511
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594399
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594287
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594160
          Source: C:\Users\user\Desktop\Order_List.scr Window / User API: threadDelayed 9569
          Source: C:\Users\user\Desktop\Order_List.scr Window / User API: threadDelayed 9552
          Source: C:\Users\user\Desktop\Order_List.scr Window / User API: threadDelayed 8990
          Source: C:\Users\user\Desktop\Order_List.scr Window / User API: threadDelayed 856
          Source: C:\Users\user\Desktop\Order_List.scr Window / User API: threadDelayed 9486
          Source: C:\Users\user\Desktop\Order_List.scr Window / User API: threadDelayed 360
          Source: C:\Users\user\Desktop\Order_List.scr Window / User API: threadDelayed 9065
          Source: C:\Users\user\Desktop\Order_List.scr Window / User API: threadDelayed 776
          Source: C:\Users\user\Desktop\Order_List.scr TID: 1960Thread sleep time: -595716s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 1960Thread sleep time: -595604s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 1960Thread sleep time: -595492s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 1960Thread sleep time: -595380s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 1960Thread sleep time: -595253s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 1960Thread sleep time: -595141s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 1960Thread sleep time: -595030s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 1960Thread sleep time: -594917s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 1960Thread sleep time: -594806s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 1960Thread sleep time: -594695s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 1960Thread sleep time: -594563s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 1960Thread sleep time: -594439s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 1960Thread sleep time: -594311s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 2200Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -15679732462653109s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -600000s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -599874s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 5096Thread sleep count: 8990 > 30
          Source: C:\Users\user\Desktop\Order_List.scr TID: 5096Thread sleep count: 856 > 30
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -599763s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -599651s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -599538s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -599427s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -599299s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -599171s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -599061s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -598949s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -598837s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -598725s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -598614s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -598487s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -598359s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -598248s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -598136s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -598024s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -597913s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -597799s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -597673s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -597545s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -597433s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -597322s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -597209s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -597083s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -596955s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -596827s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -596716s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -596604s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -596492s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -596380s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -596252s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -596125s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -596014s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -595902s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -595790s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -595679s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -595567s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -595440s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -595320s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -595201s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -595090s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -594978s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -594866s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -594754s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -594627s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -594499s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -594388s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6316Thread sleep time: -594276s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 556Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -16602069666338586s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -600000s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -599874s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6584Thread sleep count: 9486 > 30
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6584Thread sleep count: 360 > 30
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -599762s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -599650s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -599538s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -599427s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -599299s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -599172s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -599060s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -598948s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -598837s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -598725s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -598614s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -598487s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -598359s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -598248s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -598136s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -598025s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -597914s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -597802s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -597675s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -597548s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -597423s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -597282s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -597155s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -597043s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -596932s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -596820s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -596707s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -596580s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -596452s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -596340s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -596229s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -596118s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -596005s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -595879s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -595735s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -595624s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -595511s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -595400s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -595288s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -595177s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -595050s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -594906s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -594795s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -594683s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -594571s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -594459s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -594331s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 6580Thread sleep time: -594203s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 4756Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -17524406870024063s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -600000s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -599888s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 5464Thread sleep count: 9065 > 30
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -599776s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 5464Thread sleep count: 776 > 30
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -599665s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -599553s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -599425s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -599282s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -599156s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -599044s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -598909s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -598789s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -598661s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -598533s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -598405s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -598293s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -598181s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -598070s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -597958s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -597831s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -597687s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -597575s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -597463s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -597351s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -597239s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -597111s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -596983s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -596871s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -596759s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -596647s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -596535s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -596407s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -596279s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -596168s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -596056s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -595945s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -595832s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -595705s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -595577s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -595465s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -595354s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -595243s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -595132s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -595021s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -594893s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -594751s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -594623s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -594511s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -594399s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -594287s >= -30000s
          Source: C:\Users\user\Desktop\Order_List.scr TID: 7124Thread sleep time: -594160s >= -30000s
          Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594754
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594627
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594499
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594388
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594276
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 600000
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599874
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599762
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599650
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599538
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599427
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599299
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599172
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599060
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598948
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598837
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598725
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598614
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598487
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598359
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598248
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598136
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598025
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597914
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597802
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597675
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597548
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597423
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597282
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597155
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597043
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596932
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596820
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596707
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596580
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596452
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596340
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596229
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596118
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596005
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595879
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595735
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595624
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595511
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595400
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595288
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595177
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595050
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594906
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594795
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594683
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594571
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594459
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594331
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594203
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 600000
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599888
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599776
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599665
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599553
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599425
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599282
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599156
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 599044
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598909
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598789
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598661
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598533
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598405
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598293
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598181
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 598070
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597958
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597831
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597687
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597575
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597463
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597351
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597239
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 597111
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596983
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596871
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596759
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596647
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596535
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596407
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596279
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596168
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 596056
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595945
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595832
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595705
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595577
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595465
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595354
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595243
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595132
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 595021
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594893
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594751
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594623
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594511
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594399
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594287
          Source: C:\Users\user\Desktop\Order_List.scrThread delayed: delay time: 594160
          Source: Order_List.scr, 00000014.00000002.2467949698.0000000000EF7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllR[zo
          Source: Order_List.scr, 00000025.00000002.2128470166.0000000006E42000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: Order_List.scr, 00000029.00000002.2474834713.0000000001239000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllO
          Source: Order_List.scr, 00000021.00000002.2473726695.000000000168E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlla
          Source: Order_List.scr, 00000019.00000002.2467950537.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp, Order_List.scr, 0000001D.00000002.2478125383.0000000001471000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
          Source: Order_List.scr, 00000011.00000002.1787996238.0000000007959000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33s
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\Order_List.scr Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Users\user\Desktop\Order_List.scr Memory written: C:\Users\user\Desktop\Order_List.scr base: 400000 value starts with: 4D5A
          Source: C:\Users\user\Desktop\Order_List.scr Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FTlLqTRGrXZr" /XML "C:\Users\user\AppData\Local\Temp\tmp180E.tmp"
          Source: C:\Users\user\Desktop\Order_List.scr Process created: C:\Users\user\Desktop\Order_List.scr "C:\Users\user\Desktop\Order_List.scr"
          Source: C:\Users\user\Desktop\Order_List.scr Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FTlLqTRGrXZr" /XML "C:\Users\user\AppData\Local\Temp\tmp38E5.tmp"
          Source: C:\Users\user\Desktop\Order_List.scr Process created: C:\Users\user\Desktop\Order_List.scr "C:\Users\user\Desktop\Order_List.scr"
          Source: C:\Users\user\Desktop\Order_List.scr Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FTlLqTRGrXZr" /XML "C:\Users\user\AppData\Local\Temp\tmp60CF.tmp"
          Source: C:\Users\user\Desktop\Order_List.scr Process created: C:\Users\user\Desktop\Order_List.scr "C:\Users\user\Desktop\Order_List.scr"
          Source: C:\Users\user\Desktop\Order_List.scr Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FTlLqTRGrXZr" /XML "C:\Users\user\AppData\Local\Temp\tmp74B5.tmp"
          Source: C:\Users\user\Desktop\Order_List.scr Process created: C:\Users\user\Desktop\Order_List.scr "C:\Users\user\Desktop\Order_List.scr"
          Source: C:\Users\user\Desktop\Order_List.scr Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FTlLqTRGrXZr" /XML "C:\Users\user\AppData\Local\Temp\tmp95CA.tmp"
          Source: C:\Users\user\Desktop\Order_List.scr Process created: C:\Users\user\Desktop\Order_List.scr "C:\Users\user\Desktop\Order_List.scr"
          Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information

          Source: Yara matchFile source: 00000011.00000002.1787660778.00000000078D0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000019.00000002.2462283908.000000000041B000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000001D.00000002.2462387893.000000000041A000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000029.00000002.2497138207.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000011.00000002.1783811478.0000000004489000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000014.00000002.2491373165.0000000002F67000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000001D.00000002.2500727360.0000000003428000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000029.00000002.2497138207.0000000003129000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000019.00000002.2496690861.0000000002B48000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000001D.00000002.2500727360.0000000003271000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000019.00000002.2496690861.0000000002991000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000021.00000002.2499992401.0000000003679000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000014.00000002.2491373165.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000021.00000002.2499992401.00000000034C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: Process Memory Space: Order_List.scr PID: 5400, type: MEMORYSTR
          Source: Yara match | File source: Process Memory Space: Order_List.scr PID: 6864, type: MEMORYSTR
          Source: Yara match | File source: Process Memory Space: Order_List.scr PID: 1940, type: MEMORYSTR
          Source: Yara match | File source: Process Memory Space: Order_List.scr PID: 3184, type: MEMORYSTR
          Source: Yara match | File source: Process Memory Space: Order_List.scr PID: 4404, type: MEMORYSTR
          Source: Yara match | File source: Process Memory Space: Order_List.scr PID: 6608, type: MEMORYSTR
          Source: C:\Users\user\Desktop\Order_List.scr | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
          Source: C:\Users\user\Desktop\Order_List.scr | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
          Source: C:\Users\user\Desktop\Order_List.scr | File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
          Source: C:\Users\user\Desktop\Order_List.scr | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

          Remote Access Functionality

          Source: Yara match | File source: Process Memory Space: Order_List.scr PID: 5400, type: MEMORYSTR
          Source: Yara match | File source: Process Memory Space: Order_List.scr PID: 6864, type: MEMORYSTR
          Source: Yara match | File source: Process Memory Space: Order_List.scr PID: 1940, type: MEMORYSTR
          Source: Yara match | File source: Process Memory Space: Order_List.scr PID: 3184, type: MEMORYSTR
          Source: Yara match | File source: Process Memory Space: Order_List.scr PID: 4404, type: MEMORYSTR
          Source: Yara match | File source: Process Memory Space: Order_List.scr PID: 6608, type: MEMORYSTR

          Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
          Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Scheduled Task/Job | 11 Browser Extensions | 111 Process Injection | 11 Masquerading | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
          Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 1 Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
          Email Addresses | DNS Server | Domain Accounts | At | 1 DLL Side-Loading | 1 DLL Side-Loading | 31 Virtualization/Sandbox Evasion | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Clipboard Data | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
          Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 111 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction
          Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | 1 System Network Configuration Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
          Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Software Packing | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
          DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 14 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery

          [Behavior graph: Behavior Graph ID: 1585316, Sample: New order 2025.msg, Startdate: 07/01/2025, Architecture: WINDOWS, Score: 100]

          No Antivirus matches
          Source | Detection | Scanner | Label | Link
          C:\Users\user\AppData\Local\Temp\7zEC2A483AB\Order_List.scr | 100% | Joe Sandbox ML | |
          C:\Users\user\AppData\Roaming\FTlLqTRGrXZr.exe | 100% | Joe Sandbox ML | |
          C:\Users\user\AppData\Local\Temp\7zEC2A483AB\Order_List.scr | 21% | ReversingLabs | |
          C:\Users\user\AppData\Roaming\FTlLqTRGrXZr.exe | 21% | ReversingLabs | |
          No Antivirus matches
          No Antivirus matches
          Source | Detection | Scanner | Label | Link
          http://checkip.dyndns.orgx | 0% | Avira URL Cloud | safe |

          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          reallyfreegeoip.org | 188.114.97.3 | true | false | | high
          checkip.dyndns.com | 193.122.6.168 | true | false | | high
          checkip.dyndns.org | unknown | unknown | false | | high

          Name | Malicious | Antivirus Detection | Reputation
          http://checkip.dyndns.org/ | false | | high
          https://reallyfreegeoip.org/xml/8.46.123.189 | false | | high

          Name | Source | Malicious | Antivirus Detection | Reputation
          http://checkip.dyndns.org/q | Order_List.scr | false | | high
          https://reallyfreegeoip.org/xml/8.46.123.189$ | Order_List.scr | false | | high
          http://reallyfreegeoip.org | Order_List.scr | false | | high
          https://reallyfreegeoip.org | Order_List.scr | false | | high
          https://reallyfreegeoip.org/xml/8.46.123.189x | Order_List.scr | false | | high
          http://checkip.dyndns.org | Order_List.scr | false | | high
          http://checkip.dyndns.com | Order_List.scr | false | | high
          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | Order_List.scr | false | | high
          https://www.chiark.greenend.org.uk/~sgtatham/putty/0 | 7zFM.exe, Order_List.scr.15.dr, FTlLqTRGrXZr.exe.17.dr | false | | high
          http://checkip.dyndns.orgx | Order_List.scr | false | Avira URL Cloud: safe | unknown
          https://reallyfreegeoip.org/xml/ | Order_List.scr | false | | high

          IP | Domain | Country | ASN | ASN Name | Malicious
          188.114.97.3 | reallyfreegeoip.org | European Union | 13335 | CLOUDFLARENETUS | false
          193.122.6.168 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false
          193.122.130.0 | unknown | United States | 31898 | ORACLE-BMC-31898US | false

                                        Joe Sandbox version:41.0.0 Charoite
                                        Analysis ID:1585316
                                        Start date and time:2025-01-07 14:00:32 +01:00
                                        Joe Sandbox product:CloudBasic
                                        Overall analysis duration:0h 6m 22s
                                        Hypervisor based Inspection enabled:false
                                        Report type:full
                                        Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                        Number of analysed new started processes analysed:48
                                        Number of new started drivers analysed:0
                                        Number of existing processes analysed:0
                                        Number of existing drivers analysed:0
                                        Number of injected processes analysed:0
                                        Technologies:
                                        • EGA enabled
                                        • AMSI enabled
                                        Analysis Mode:default
                                        Analysis stop reason:Timeout
                                        Sample name:New order 2025.msg
                                        Detection:MAL
                                        Classification:mal100.troj.spyw.evad.winMSG@43/14@3/3
                                        Cookbook Comments:
                                        • Found application associated with file extension: .msg
                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, rundll32.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                                        • Excluded IPs from analysis (whitelisted): 52.113.194.132, 52.109.89.19, 2.16.168.101, 2.16.168.119, 52.168.112.67, 52.109.68.130, 23.56.254.164, 40.126.32.134, 20.109.210.53, 2.23.227.221
                                        • Excluded domains from analysis (whitelisted): omex.cdn.office.net, odc.officeapps.live.com, slscr.update.microsoft.com, europe.odcsm1.live.com.akadns.net, weu-azsc-000.roaming.officeapps.live.com, eur.roaming1.live.com.akadns.net, mobile.events.data.microsoft.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, osiprod-weu-buff-azsc-000.westeurope.cloudapp.azure.com, login.live.com, a1864.dscd.akamai.net, www.bing.com, ecs.office.com, fs.microsoft.com, frc-azsc-000.odc.officeapps.live.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, s-0005.s-msedge.net, osiprod-frc-bronze-azsc-000.francecentral.cloudapp.azure.com, onedscolprdeus04.eastus.cloudapp.azure.com, ecs.office.trafficmanager.net, omex.cdn.office.net.akamaized.net, mobile.events.data.trafficmanager.net, prod.odcsm1.live.com.akadns.net
                                        • Not all processes were analyzed, report is missing behavior information
                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                        • Report size getting too big, too many NtCreateFile calls found.
                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                        • Report size getting too big, too many NtQueryAttributesFile calls found.
                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                                        • Report size getting too big, too many NtSetValueKey calls found.
                                        • VT rate limit hit for: New order 2025.msg
                                        Time | Type | Description
                                        08:01:12 | API Interceptor | 2x Sleep call for process: OpenWith.exe modified
                                        08:01:52 | API Interceptor | 66505x Sleep call for process: Order_List.scr modified
                                        No context
                                        Process:C:\Program Files\7-Zip\7zFM.exe
                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):706056
                                        Entropy (8bit):7.444668333539724
                                        Encrypted:false
                                        SSDEEP:12288:xTWMWYMV+I4MVKWsXW+KiXe39JZArWHEkznuJVGZdkR:d/GRgjXWLYrvWA
                                        MD5:78A62A23291A3C7907E947BC9F270E09
                                        SHA1:A28A2DB1CACCA688A66A00ECD840AEDEAEF484D4
                                        SHA-256:3652DCDB4EAFF1A11FF293EEDB80363E024BDA7A33F1E1C17B082DFD4CEA5A86
                                        SHA-512:F690A98DDE16B8D5DB12ACC15B5BCF56B8F869773CAF080C16C5ED74A7A182252CFCCDFD3E1068D7761917E5F58DE6B03FBC452FDCFCEA2FE0D15BD3CB300FCA
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                        • Antivirus: ReversingLabs, Detection: 21%
                                        Process:C:\Program Files\7-Zip\7zFM.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1620
                                        Entropy (8bit):3.3901031252218043
                                        Encrypted:false
                                        SSDEEP:24:ft0tzGqcbKJvFXfqIKfC3I8fwlVtVwjNiW3GXSyO13b1PNHqwY:lC6KDv8Cz4VtVwpiW3byKLKwY
                                        MD5:46012E1D8B7C6DFF2E838E36E122AC4B
                                        SHA1:37CD3D135037B85CE08C726B1B319EE7D1428182
                                        SHA-256:D86A77BB5FB34998170F590EA52E944A5C549484EF0851A82B1B87F4AF478BAC
                                        SHA-512:888AC46B40BCF09816E2DB0B1246736DD99D0B5A0C376B472C01D991253088C1E60A2FF1FF30E0B1C7E751D3E77FC5B89DB3FB306EB62A0BF730FEAD9880ABF7
                                        Malicious:false
                                        Preview:
                                        FILEVERSION 1,0,0,0
                                        PRODUCTVERSION 1,0,0,0
                                        FILEFLAGSMASK 0x3F
                                        FILEFLAGS 0x0
                                        FILEOS VOS_UNKNOWN | VOS__WINDOWS32
                                        FILETYPE VFT_APP
                                        FILESUBTYPE 0x0
                                        {
                                          BLOCK "VarFileInfo"
                                          {
                                            VALUE "Translation", 0x0, 1200
                                          }
                                          BLOCK "StringFileInfo"
                                          {
                                            BLOCK "000004b0"
                                            {
                                              VALUE "Comments", ""
                                              VALUE "CompanyName", ""
                                              VALUE "FileDescription", "DragDropDemo"
                                              VALUE "FileVersion", "1.0.0.0"
                                              VALUE "InternalNa
                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):98304
                                        Entropy (8bit):4.454669670979661
                                        Encrypted:false
                                        SSDEEP:1536:19cf8JCVf8+KC7jByMg4p01CfTTLNoKuU401XHqxW40+9YSfsXMz10CglK3uX:A40+CSkXy0P
                                        MD5:157E56BFD357844462A565E237F7BE2A
                                        SHA1:17A004DB1998CE26E9F2D3EBECAAA4B61F8E9930
                                        SHA-256:6689166A330B813C0338293E3E0AF850FEA44C35240D0DEACE8FF8A609D88044
                                        SHA-512:D954CB4313EA7E10CEFAA8FC2FA02DE435A243BF2BF3027570135305F54765EC64E544CE940BACE8D045D2A2B4F002BFEEB05DE872A871AA847C70F47BFFDA9C
                                        Malicious:false
                                        Process:C:\Users\user\Desktop\Order_List.scr
                                        File Type:XML 1.0 document, ASCII text
                                        Category:dropped
                                        Size (bytes):1578
                                        Entropy (8bit):5.103135331453591
                                        Encrypted:false
                                        SSDEEP:24:2di4+S2qhz1zy1moUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtiAVLxvn:cgezwYrFdOFzOzN33ODOiDdKrsuTV1v
                                        MD5:571BDDAE754BBCC92266BC5EC5F940CD
                                        SHA1:76EDEC53EA32A6309815BC75DB6281B48EB694F1
                                        SHA-256:DE3224AB17C4489B5FEBC28AB90ECC727525DFA168BE32E32430E9132421F479
                                        SHA-512:BC4322382DCE8AFEBAC717B1BFD3CD5331BED8AB0EA95A67D9F9CA3B0F4F582673B10C491CB94F41C43CB19504200D10D0ABD68B3FFA5848FDE06B06A22A86C7
                                        Malicious:true
                                        Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail
                                        Process:C:\Users\user\Desktop\Order_List.scr
                                        File Type:XML 1.0 document, ASCII text
                                        Category:dropped
                                        Size (bytes):1578
                                        Entropy (8bit):5.103135331453591
                                        Encrypted:false
                                        SSDEEP:24:2di4+S2qhz1zy1moUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtiAVLxvn:cgezwYrFdOFzOzN33ODOiDdKrsuTV1v
                                        MD5:571BDDAE754BBCC92266BC5EC5F940CD
                                        SHA1:76EDEC53EA32A6309815BC75DB6281B48EB694F1
                                        SHA-256:DE3224AB17C4489B5FEBC28AB90ECC727525DFA168BE32E32430E9132421F479
                                        SHA-512:BC4322382DCE8AFEBAC717B1BFD3CD5331BED8AB0EA95A67D9F9CA3B0F4F582673B10C491CB94F41C43CB19504200D10D0ABD68B3FFA5848FDE06B06A22A86C7
                                        Malicious:false
                                        Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail
                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):163840
                                        Entropy (8bit):0.33321620034013927
                                        Encrypted:false
                                        SSDEEP:192:/+GmCyPxard/8UJV2MZgNgz0XHWQOAIAbAFAqwNh/:/iCAc/JPvZ/z0XHOAIMu
                                        MD5:45F19005EA40B4F979F81E14186ABBAA
                                        SHA1:A2EE6546FB27FF1C87F685ADCA60B7B3191E5D66
                                        SHA-256:B57B715D1C40CAAD5A15D209FAD0A859716062B87413BE56129B5541EF9333D2
                                        SHA-512:624289A4AC9BC57F70C70BAB8C381B243C06AA467D438F3086E6DE30477A487A2F9A39CD1A2B759D9CFF04747DCB799005AC5D434C01266F78CA287E96D0038B
                                        Malicious:false
                                        Process:C:\Users\user\Desktop\Order_List.scr
                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):706056
                                        Entropy (8bit):7.444668333539724
                                        Encrypted:false
                                        SSDEEP:12288:xTWMWYMV+I4MVKWsXW+KiXe39JZArWHEkznuJVGZdkR:d/GRgjXWLYrvWA
                                        MD5:78A62A23291A3C7907E947BC9F270E09
                                        SHA1:A28A2DB1CACCA688A66A00ECD840AEDEAEF484D4
                                        SHA-256:3652DCDB4EAFF1A11FF293EEDB80363E024BDA7A33F1E1C17B082DFD4CEA5A86
                                        SHA-512:F690A98DDE16B8D5DB12ACC15B5BCF56B8F869773CAF080C16C5ED74A7A182252CFCCDFD3E1068D7761917E5F58DE6B03FBC452FDCFCEA2FE0D15BD3CB300FCA
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                        • Antivirus: ReversingLabs, Detection: 21%
                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                        File Type:RAR archive data, v5
                                        Category:dropped
                                        Size (bytes):550956
                                        Entropy (8bit):7.999202934963724
                                        Encrypted:true
                                        SSDEEP:12288:E+13/PxkcsDtYwjjQA6FFOEkhvbtovMRBWheACEHGzjO5zkIgL4:E+xcVwFOEkZttRzEmzqoIgM
                                        MD5:6A06EE947AB6A43C402483F29C8144C5
                                        SHA1:A74BC2E6EEE488BBCB9C0379C8EF9FAA13BF4B0F
                                        SHA-256:B54E94F269C9DF8B3CD921E20190B6AE3EC47E81F39EBC9B7DDFB5A131D03DE7
                                        SHA-512:B9A88CB889EFF5392EC964C9866DD1F365AFA284BEA54686059F4C78A767451A6FA496A492CF21808752D7F62057CB5A9B1D46F001DC19B32D68A69674AA43B1
                                        Malicious:false
                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:modified
                                        Size (bytes):26
                                        Entropy (8bit):3.95006375643621
                                        Encrypted:false
                                        SSDEEP:3:gAWY3n:qY3n
                                        MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
                                        SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
                                        SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
                                        SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
                                        Malicious:false
                                        Preview:[ZoneTransfer]..ZoneId=3..
                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                        File Type:Microsoft Outlook email folder (>=2003)
                                        Category:dropped
                                        Size (bytes):271360
                                        Entropy (8bit):1.479047153043351
                                        Encrypted:false
                                        SSDEEP:768:jQc7hSzUTfZZ7nWzxsZ8BUTIZOZT9LGBfEKXGG9fr:Dw8ZBWzxsZeNZOsfP3fr
                                        MD5:546B4960DE69137CC0B86B7F5855B7E3
                                        SHA1:6E04D898053E867DB5D6247D9A429FD5B0E7B6BA
                                        SHA-256:AB05E0519D59436A2A8585D5E939935F48822F37A3D0E7444F0059E62DBC9AA0
                                        SHA-512:A6F73410A128AED9C85BA67AB8886B0FDCD733776447B686AF105AE2643A53CEE70A04529A974198F9213FAC9D5B7755DB59ADCC8D3D4EA8C1725E1768C21769
                                        Malicious:true
                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):131072
                                        Entropy (8bit):1.1197749727023627
                                        Encrypted:false
                                        SSDEEP:384:XnYjFzfgOPeWHZG0yO4rLWZl7uVlX1RR:XwiO8BfzlX
                                        MD5:FF75C1C61F3BE156795180D2577988A5
                                        SHA1:C57D19F4DA6A6928A923E990722040C6A633E387
                                        SHA-256:9455BC7EA7C6508F0ADB21BDCAFE64F69622EDF6DE60C855489B4619F2711077
                                        SHA-512:8DFC2FBD531C749938C9106665585DAE66AB7AE4240E6850BF9FA6856C3036C5CD253A5B9097848C21091EC4EF95FC7CE244E13A99654F98A1A2DCE6BC5C8E6A
                                        Malicious:true
                                        File type:CDFV2 Microsoft Outlook Message
                                        Entropy (8bit):7.914507927116324
                                        TrID:
                                        • Outlook Message (71009/1) 58.92%
                                        • Outlook Form Template (41509/1) 34.44%
                                        • Generic OLE2 / Multistream Compound File (8008/1) 6.64%
                                        File name:New order 2025.msg
                                        File size:589'824 bytes
                                        MD5:090fa1528dc91da7a535993ca87e0a86
                                        SHA1:db19834414aa418e7ed18c4b7bd15dda358d937d
                                        SHA256:45c96d5abea74039cdcc0c3cd8210068c214551ccc8b330a37c00ee9ab2181fd
                                        SHA512:1fa852eacda1b57b3fae133e2e318966e3a900a19bcf9c7eecbda3c32ba16e7517025c9ca85445cc90d4621e4178e974f3b3fd54b11b8e16719669c3fce5d64c
                                        SSDEEP:12288:u+13/PxkcsDtYwjjQA6FFOEkhvbtovMRBWheACEHGzjO5zkIgL:u+xcVwFOEkZttRzEmzqoIg
                                        TLSH:36C4126832F90F1AF6FB9E779DC681468525BC82DF24CB5F6291B35E0474B40E86072B
                                        Subject:New order 2025
                                        From:Hassan Macki <nuno.pascoa@creative-cork.com>
                                        To:buildingpermits@marionfl.org
                                        Cc:
                                        BCC:
                                        Date:Tue, 07 Jan 2025 09:55:17 +0100
                                        Communications:
                                        • CAUTION: THIS MESSAGE IS FROM AN EXTERNAL SENDER This email originated from outside the organization. Do not click links, open attachments, or share any information unless you recognize the sender and know the content is safe. Report suspicious emails using the "Phish Alert" button in Outlook or contact the Helpdesk. Greetings, I am Hassan Macki, Managing Director of Egyptalum Co., Ltd. Im interested in your products and would like to request a quote for the items listed in the attached document. Please provide pricing, availability, and any relevant details. Feel free to contact me if you need further information. I look forward to your response. Best regards, Hassan Macki Egyptalum Ltd Tel: 0 691 470 049 / 0 691 650 001
                                        Attachments:
                                        • Order_List.rar
                                        Key | Value
                                        Received: from [204.10.160.177] (unknown [204.10.160.177])
                                        by SJ0PR09MB6464.namprd09.prod.outlook.com (2603:10b6:a03:26d::13) with
                                        2025 09:30:54 +0000
                                        (2603:10b6:930:1::22) with Microsoft SMTP Server (version=TLS1_3,
                                        7 Jan 2025 09:30:54 +0000
                                        Authentication-Results: spf=pass (sender IP is 130.185.83.231)
                                        Received-SPF: pass (serv01.republica45.com: connection is authenticated)
                                        via Frontend Transport; Tue, 7 Jan 2025 09:30:54 +0000
                                        for <buildingpermits@marionfl.org>; Tue, 7 Jan 2025 08:55:18 +0000 (WET)
                                        Authentication-Results-Original: serv01.republica45.com; spf=pass (sender IP
                                        From: Hassan Macki <nuno.pascoa@creative-cork.com>
                                        To: buildingpermits@marionfl.org
                                        Subject: New order 2025
                                        Date: 7 Jan 2025 00:55:17 -0800
                                        Message-ID: <20250107005516.B1EB42501446F173@creative-cork.com>
                                        MIME-Version: 1.0
                                        Content-Type: multipart/mixed;
                                        Return-Path: nuno.pascoa@creative-cork.com
                                        X-EOPAttributedMessage: 0
                                        X-EOPTenantAttributedMessage: 25a1914d-7aca-40d5-91d5-cd84a5137a31:0
                                        X-MS-PublicTrafficType: Email
                                        X-MS-TrafficTypeDiagnostic: DS1PEPF00017E07:EE_|SJ0PR09MB6464:EE_
                                        X-MS-Office365-Filtering-Correlation-Id: 8bed4a55-4f62-4f25-8626-08dd2efdfc0a
                                        X-MS-Exchange-AtpMessageProperties: SA|SL
                                        date: Tue, 07 Jan 2025 09:55:17 +0100

                                        Icon Hash:c4e1928eacb280a2
                                        Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                        2025-01-07T14:01:58.508583+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.18 | 49707 | 193.122.6.168 | 80 | TCP
                                        2025-01-07T14:01:59.448592+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.18 | 49707 | 193.122.6.168 | 80 | TCP
                                        2025-01-07T14:02:00.021731+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.18 | 49709 | 188.114.97.3 | 443 | TCP
                                        2025-01-07T14:02:00.729597+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.18 | 49710 | 193.122.6.168 | 80 | TCP
                                        2025-01-07T14:02:06.149601+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.18 | 49719 | 193.122.6.168 | 80 | TCP
                                        2025-01-07T14:02:07.028602+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.18 | 49719 | 193.122.6.168 | 80 | TCP
                                        2025-01-07T14:02:07.605172+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.18 | 49723 | 188.114.97.3 | 443 | TCP
                                        2025-01-07T14:02:08.334906+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.18 | 49725 | 193.122.6.168 | 80 | TCP
                                        2025-01-07T14:02:09.607599+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.18 | 49727 | 193.122.6.168 | 80 | TCP
                                        2025-01-07T14:02:16.582607+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.18 | 49737 | 193.122.6.168 | 80 | TCP
                                        2025-01-07T14:02:17.556613+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.18 | 49737 | 193.122.6.168 | 80 | TCP
                                        2025-01-07T14:02:18.129918+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.18 | 49739 | 188.114.97.3 | 443 | TCP
                                        2025-01-07T14:02:18.833624+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.18 | 49740 | 193.122.6.168 | 80 | TCP
                                        2025-01-07T14:02:21.352622+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.18 | 49744 | 193.122.6.168 | 80 | TCP
                                        2025-01-07T14:02:22.294022+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.18 | 49744 | 193.122.6.168 | 80 | TCP
                                        2025-01-07T14:02:22.858665+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.18 | 49749 | 188.114.97.3 | 443 | TCP
                                        2025-01-07T14:02:23.392614+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.18 | 49751 | 193.122.130.0 | 80 | TCP
                                        2025-01-07T14:02:30.118578+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.18 | 49766 | 193.122.130.0 | 80 | TCP
                                        2025-01-07T14:02:30.884588+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.18 | 49766 | 193.122.130.0 | 80 | TCP
                                        2025-01-07T14:02:31.423685+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.18 | 49769 | 188.114.97.3 | 443 | TCP
                                        2025-01-07T14:02:32.022292+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.18 | 49770 | 193.122.130.0 | 80 | TCP
                                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                        Jan 7, 2025 14:02:02.597328901 CET8049714193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:03.216233969 CET8049714193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:03.217643023 CET49715443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:03.217670918 CET44349715188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:03.217767954 CET49715443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:03.218017101 CET49715443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:03.218028069 CET44349715188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:03.261629105 CET4971480192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:03.673501968 CET44349715188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:03.675138950 CET49715443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:03.675165892 CET44349715188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:03.808815956 CET44349715188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:03.808882952 CET44349715188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:03.808929920 CET49715443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:03.809312105 CET49715443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:03.812639952 CET4971480192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:03.813812017 CET4971680192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:03.817639112 CET8049714193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:03.817703009 CET4971480192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:03.818584919 CET8049716193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:03.818675041 CET4971680192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:03.818759918 CET4971680192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:03.823545933 CET8049716193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:04.445358992 CET8049716193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:04.446718931 CET49717443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:04.446763992 CET44349717188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:04.446845055 CET49717443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:04.447123051 CET49717443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:04.447135925 CET44349717188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:04.490612984 CET4971680192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:04.914544106 CET44349717188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:04.916749001 CET49717443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:04.916784048 CET44349717188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:05.106590986 CET44349717188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:05.106796026 CET44349717188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:05.106879950 CET49717443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:05.107809067 CET49717443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:05.133136988 CET4971680192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:05.138264894 CET8049716193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:05.138340950 CET4971680192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:05.139200926 CET4971880192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:05.144089937 CET8049718193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:05.144182920 CET4971880192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:05.144530058 CET4971880192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:05.149334908 CET8049718193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:05.241493940 CET4971980192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:05.246397972 CET8049719193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:05.246491909 CET4971980192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:05.246720076 CET4971980192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:05.251490116 CET8049719193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:05.828253984 CET8049718193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:05.829718113 CET49720443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:05.829757929 CET44349720188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:05.829843998 CET49720443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:05.830178022 CET49720443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:05.830188036 CET44349720188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:05.877609015 CET4971880192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:05.904905081 CET8049719193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:05.908328056 CET4971980192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:05.913173914 CET8049719193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:06.100987911 CET8049719193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:06.135116100 CET49721443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:06.135154009 CET44349721188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:06.135257006 CET49721443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:06.139187098 CET49721443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:06.139205933 CET44349721188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:06.149600983 CET4971980192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:06.295676947 CET44349720188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:06.297704935 CET49720443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:06.297713995 CET44349720188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:06.450076103 CET44349720188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:06.450143099 CET44349720188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:06.450196981 CET49720443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:06.450650930 CET49720443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:06.454190016 CET4971880192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:06.455533028 CET4972280192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:06.459255934 CET8049718193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:06.460340977 CET8049722193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:06.460405111 CET4971880192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:06.460441113 CET4972280192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:06.460551023 CET4972280192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:06.465727091 CET8049722193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:06.606035948 CET44349721188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:06.606122971 CET49721443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:06.607568979 CET49721443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:06.607577085 CET44349721188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:06.607866049 CET44349721188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:06.659276009 CET49721443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:06.703325987 CET44349721188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:06.764327049 CET44349721188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:06.764393091 CET44349721188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:06.764502048 CET49721443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:06.767328024 CET49721443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:06.770849943 CET4971980192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:06.776257038 CET8049719193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:06.973578930 CET8049719193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:06.975543022 CET49723443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:06.975575924 CET44349723188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:06.975703001 CET49723443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:06.976038933 CET49723443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:06.976053953 CET44349723188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:07.028601885 CET4971980192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:07.111571074 CET8049722193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:07.116036892 CET49724443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:07.116082907 CET44349724188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:07.116167068 CET49724443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:07.116528034 CET49724443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:07.116544008 CET44349724188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:07.156707048 CET4972280192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:07.454236031 CET44349723188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:07.455970049 CET49723443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:07.456006050 CET44349723188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:07.591434956 CET44349724188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:07.600675106 CET49724443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:07.600708008 CET44349724188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:07.605209112 CET44349723188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:07.605264902 CET44349723188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:07.605307102 CET49723443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:07.606327057 CET49723443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:07.629728079 CET4971980192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:07.634705067 CET4972580192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:07.634845018 CET8049719193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:07.634896040 CET4971980192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:07.639556885 CET8049725193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:07.639664888 CET4972580192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:07.639748096 CET4972580192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:07.645113945 CET8049725193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:07.757142067 CET44349724188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:07.757210970 CET44349724188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:07.757256985 CET49724443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:07.757795095 CET49724443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:08.294661999 CET8049725193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:08.296067953 CET49726443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:08.296123981 CET44349726188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:08.296192884 CET49726443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:08.296443939 CET49726443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:08.296458960 CET44349726188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:08.334906101 CET4972580192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:08.755570889 CET44349726188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:08.757126093 CET49726443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:08.757158041 CET44349726188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:08.902744055 CET44349726188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:08.902820110 CET44349726188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:08.903065920 CET49726443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:08.903326035 CET49726443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:08.906512976 CET4972580192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:08.907836914 CET4972780192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:08.911484957 CET8049725193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:08.911593914 CET4972580192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:08.912575006 CET8049727193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:08.912652969 CET4972780192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:08.912718058 CET4972780192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:08.917480946 CET8049727193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:09.556632996 CET8049727193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:09.557995081 CET49728443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:09.558027029 CET44349728188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:09.558099985 CET49728443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:09.558408976 CET49728443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:09.558420897 CET44349728188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:09.607599020 CET4972780192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:10.043895006 CET44349728188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:10.045844078 CET49728443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:10.045866966 CET44349728188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:10.194402933 CET44349728188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:10.194485903 CET44349728188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:10.194647074 CET49728443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:10.195168018 CET49728443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:10.199955940 CET4972980192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:10.204864025 CET8049729193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:10.204984903 CET4972980192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:10.205096960 CET4972980192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:10.209876060 CET8049729193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:10.831182003 CET8049729193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:10.832678080 CET49730443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:10.832729101 CET44349730188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:10.832823038 CET49730443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:10.833085060 CET49730443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:10.833097935 CET44349730188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:10.881608963 CET4972980192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:11.320003033 CET44349730188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:11.322099924 CET49730443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:11.322133064 CET44349730188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:11.472210884 CET44349730188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:11.472274065 CET44349730188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:11.472342968 CET49730443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:11.472784042 CET49730443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:11.476784945 CET4972980192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:11.478290081 CET4973180192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:11.481807947 CET8049729193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:11.481873989 CET4972980192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:11.483136892 CET8049731193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:11.483211040 CET4973180192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:11.483297110 CET4973180192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:11.488030910 CET8049731193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:12.138329029 CET8049731193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:12.139642954 CET49732443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:12.139689922 CET44349732188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:12.139780998 CET49732443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:12.140022993 CET49732443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:12.140036106 CET44349732188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:12.191612005 CET4973180192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:12.605655909 CET44349732188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:12.607405901 CET49732443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:12.607439041 CET44349732188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:12.735979080 CET44349732188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:12.736051083 CET44349732188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:12.736126900 CET49732443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:12.737670898 CET49732443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:12.741056919 CET4973180192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:12.742513895 CET4973380192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:12.745995998 CET8049731193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:12.746078014 CET4973180192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:12.747368097 CET8049733193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:12.747451067 CET4973380192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:12.747528076 CET4973380192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:12.752348900 CET8049733193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:13.382684946 CET8049733193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:13.384108067 CET49734443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:13.384154081 CET44349734188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:13.384217978 CET49734443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:13.384491920 CET49734443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:13.384505033 CET44349734188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:13.437623978 CET4973380192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:13.844882965 CET44349734188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:13.846470118 CET49734443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:13.846503973 CET44349734188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:13.997109890 CET44349734188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:13.997195005 CET44349734188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:13.997255087 CET49734443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:13.997733116 CET49734443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:14.001199961 CET4973380192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:14.002362013 CET4973580192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:14.006254911 CET8049733193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:14.006314993 CET4973380192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:14.007194042 CET8049735193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:14.007267952 CET4973580192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:14.007363081 CET4973580192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:14.012080908 CET8049735193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:14.675405979 CET8049735193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:14.676949978 CET49736443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:14.677010059 CET44349736188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:14.677103043 CET49736443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:14.677365065 CET49736443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:14.677382946 CET44349736188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:14.730645895 CET4973580192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:15.165332079 CET44349736188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:15.166877031 CET49736443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:15.166904926 CET44349736188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:15.297852039 CET44349736188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:15.297930002 CET44349736188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:15.297988892 CET49736443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:15.298482895 CET49736443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:15.386636019 CET4973780192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:15.391568899 CET8049737193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:15.391643047 CET4973780192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:15.391864061 CET4973780192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:15.396634102 CET8049737193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:16.350814104 CET8049737193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:16.354557991 CET4973780192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:02:16.359389067 CET8049737193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:16.541753054 CET8049737193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:02:16.578691006 CET49738443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:29.929765940 CET4976680192.168.2.18193.122.130.0
                                        Jan 7, 2025 14:02:29.934607029 CET8049766193.122.130.0192.168.2.18
                                        Jan 7, 2025 14:02:30.064976931 CET8049766193.122.130.0192.168.2.18
                                        Jan 7, 2025 14:02:30.097532988 CET49768443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:30.097583055 CET44349768188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:30.097665071 CET49768443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:30.101449013 CET49768443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:30.101463079 CET44349768188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:30.118577957 CET4976680192.168.2.18193.122.130.0
                                        Jan 7, 2025 14:02:30.556762934 CET44349768188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:30.556853056 CET49768443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:30.558254004 CET49768443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:30.558264017 CET44349768188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:30.558547974 CET44349768188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:30.603202105 CET49768443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:30.647336006 CET44349768188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:30.709434032 CET44349768188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:30.709495068 CET44349768188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:30.709641933 CET49768443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:30.715212107 CET49768443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:30.720112085 CET4976680192.168.2.18193.122.130.0
                                        Jan 7, 2025 14:02:30.724961996 CET8049766193.122.130.0192.168.2.18
                                        Jan 7, 2025 14:02:30.829582930 CET8049766193.122.130.0192.168.2.18
                                        Jan 7, 2025 14:02:30.831437111 CET49769443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:30.831484079 CET44349769188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:30.831707954 CET49769443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:30.831996918 CET49769443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:30.832010984 CET44349769188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:30.884588003 CET4976680192.168.2.18193.122.130.0
                                        Jan 7, 2025 14:02:31.287729025 CET44349769188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:31.290076017 CET49769443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:31.290097952 CET44349769188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:31.423731089 CET44349769188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:31.423830032 CET44349769188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:31.423893929 CET49769443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:31.424340010 CET49769443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:31.427875996 CET4976680192.168.2.18193.122.130.0
                                        Jan 7, 2025 14:02:31.429104090 CET4977080192.168.2.18193.122.130.0
                                        Jan 7, 2025 14:02:31.433702946 CET8049766193.122.130.0192.168.2.18
                                        Jan 7, 2025 14:02:31.433758974 CET4976680192.168.2.18193.122.130.0
                                        Jan 7, 2025 14:02:31.433962107 CET8049770193.122.130.0192.168.2.18
                                        Jan 7, 2025 14:02:31.434026003 CET4977080192.168.2.18193.122.130.0
                                        Jan 7, 2025 14:02:31.434106112 CET4977080192.168.2.18193.122.130.0
                                        Jan 7, 2025 14:02:31.438847065 CET8049770193.122.130.0192.168.2.18
                                        Jan 7, 2025 14:02:32.022121906 CET8049770193.122.130.0192.168.2.18
                                        Jan 7, 2025 14:02:32.022291899 CET4977080192.168.2.18193.122.130.0
                                        Jan 7, 2025 14:02:32.023367882 CET49771443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:32.023410082 CET44349771188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:32.023699045 CET49771443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:32.025499105 CET49771443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:32.025527000 CET44349771188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:32.027343035 CET8049770193.122.130.0192.168.2.18
                                        Jan 7, 2025 14:02:32.027688980 CET4977080192.168.2.18193.122.130.0
                                        Jan 7, 2025 14:02:32.481720924 CET44349771188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:32.483345985 CET49771443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:32.483371019 CET44349771188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:32.711626053 CET44349771188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:32.711694956 CET44349771188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:32.711744070 CET49771443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:32.712256908 CET49771443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:32.717849970 CET4977280192.168.2.18193.122.130.0
                                        Jan 7, 2025 14:02:32.722755909 CET8049772193.122.130.0192.168.2.18
                                        Jan 7, 2025 14:02:32.722836971 CET4977280192.168.2.18193.122.130.0
                                        Jan 7, 2025 14:02:32.722929001 CET4977280192.168.2.18193.122.130.0
                                        Jan 7, 2025 14:02:32.727679014 CET8049772193.122.130.0192.168.2.18
                                        Jan 7, 2025 14:02:33.321785927 CET8049772193.122.130.0192.168.2.18
                                        Jan 7, 2025 14:02:33.373615026 CET4977280192.168.2.18193.122.130.0
                                        Jan 7, 2025 14:02:33.496001959 CET49773443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:33.496035099 CET44349773188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:33.496114016 CET49773443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:33.496386051 CET49773443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:33.496397972 CET44349773188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:33.991833925 CET44349773188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:33.993383884 CET49773443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:33.993416071 CET44349773188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:34.128577948 CET44349773188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:34.128635883 CET44349773188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:34.128694057 CET49773443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:34.129081011 CET49773443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:34.132350922 CET4977280192.168.2.18193.122.130.0
                                        Jan 7, 2025 14:02:34.133657932 CET4977480192.168.2.18193.122.130.0
                                        Jan 7, 2025 14:02:34.137321949 CET8049772193.122.130.0192.168.2.18
                                        Jan 7, 2025 14:02:34.137381077 CET4977280192.168.2.18193.122.130.0
                                        Jan 7, 2025 14:02:34.138411045 CET8049774193.122.130.0192.168.2.18
                                        Jan 7, 2025 14:02:34.138493061 CET4977480192.168.2.18193.122.130.0
                                        Jan 7, 2025 14:02:34.138571024 CET4977480192.168.2.18193.122.130.0
                                        Jan 7, 2025 14:02:34.143301964 CET8049774193.122.130.0192.168.2.18
                                        Jan 7, 2025 14:02:34.831274033 CET8049774193.122.130.0192.168.2.18
                                        Jan 7, 2025 14:02:34.832508087 CET49775443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:34.832544088 CET44349775188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:34.832613945 CET49775443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:34.832856894 CET49775443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:34.832871914 CET44349775188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:34.875648022 CET4977480192.168.2.18193.122.130.0
                                        Jan 7, 2025 14:02:35.340292931 CET44349775188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:35.342407942 CET49775443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:35.342441082 CET44349775188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:35.492055893 CET44349775188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:35.492124081 CET44349775188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:35.492166996 CET49775443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:35.492537022 CET49775443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:35.495763063 CET4977480192.168.2.18193.122.130.0
                                        Jan 7, 2025 14:02:35.496927977 CET4977780192.168.2.18193.122.130.0
                                        Jan 7, 2025 14:02:35.502800941 CET8049774193.122.130.0192.168.2.18
                                        Jan 7, 2025 14:02:35.502878904 CET4977480192.168.2.18193.122.130.0
                                        Jan 7, 2025 14:02:35.503690004 CET8049777193.122.130.0192.168.2.18
                                        Jan 7, 2025 14:02:35.503771067 CET4977780192.168.2.18193.122.130.0
                                        Jan 7, 2025 14:02:35.503869057 CET4977780192.168.2.18193.122.130.0
                                        Jan 7, 2025 14:02:35.508949995 CET8049777193.122.130.0192.168.2.18
                                        Jan 7, 2025 14:02:35.999098063 CET8049777193.122.130.0192.168.2.18
                                        Jan 7, 2025 14:02:36.000380039 CET49778443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:36.000425100 CET44349778188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:36.000494003 CET49778443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:36.000754118 CET49778443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:36.000763893 CET44349778188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:36.053608894 CET4977780192.168.2.18193.122.130.0
                                        Jan 7, 2025 14:02:36.457937956 CET44349778188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:36.459512949 CET49778443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:36.459541082 CET44349778188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:36.606050014 CET44349778188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:36.606106997 CET44349778188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:36.606245041 CET49778443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:36.606508017 CET49778443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:36.609720945 CET4977780192.168.2.18193.122.130.0
                                        Jan 7, 2025 14:02:36.610882998 CET4977980192.168.2.18193.122.130.0
                                        Jan 7, 2025 14:02:36.614658117 CET8049777193.122.130.0192.168.2.18
                                        Jan 7, 2025 14:02:36.614710093 CET4977780192.168.2.18193.122.130.0
                                        Jan 7, 2025 14:02:36.615726948 CET8049779193.122.130.0192.168.2.18
                                        Jan 7, 2025 14:02:36.616077900 CET4977980192.168.2.18193.122.130.0
                                        Jan 7, 2025 14:02:36.616218090 CET4977980192.168.2.18193.122.130.0
                                        Jan 7, 2025 14:02:36.621043921 CET8049779193.122.130.0192.168.2.18
                                        Jan 7, 2025 14:02:37.070738077 CET8049779193.122.130.0192.168.2.18
                                        Jan 7, 2025 14:02:37.072002888 CET49781443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:37.072045088 CET44349781188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:37.072127104 CET49781443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:37.072403908 CET49781443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:37.072417021 CET44349781188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:37.123620033 CET4977980192.168.2.18193.122.130.0
                                        Jan 7, 2025 14:02:37.528084993 CET44349781188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:37.529690027 CET49781443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:37.529706001 CET44349781188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:37.667526007 CET44349781188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:37.667598963 CET44349781188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:37.667658091 CET49781443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:37.668040037 CET49781443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:37.671335936 CET4977980192.168.2.18193.122.130.0
                                        Jan 7, 2025 14:02:37.672419071 CET4978280192.168.2.18193.122.130.0
                                        Jan 7, 2025 14:02:37.676343918 CET8049779193.122.130.0192.168.2.18
                                        Jan 7, 2025 14:02:37.676393032 CET4977980192.168.2.18193.122.130.0
                                        Jan 7, 2025 14:02:37.677200079 CET8049782193.122.130.0192.168.2.18
                                        Jan 7, 2025 14:02:37.677289963 CET4978280192.168.2.18193.122.130.0
                                        Jan 7, 2025 14:02:37.677372932 CET4978280192.168.2.18193.122.130.0
                                        Jan 7, 2025 14:02:37.682131052 CET8049782193.122.130.0192.168.2.18
                                        Jan 7, 2025 14:02:38.510792971 CET8049782193.122.130.0192.168.2.18
                                        Jan 7, 2025 14:02:38.512233973 CET49783443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:38.512280941 CET44349783188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:38.512381077 CET49783443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:38.512705088 CET49783443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:38.512721062 CET44349783188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:38.559642076 CET4978280192.168.2.18193.122.130.0
                                        Jan 7, 2025 14:02:38.995903969 CET44349783188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:38.997678995 CET49783443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:38.997709036 CET44349783188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:39.133408070 CET44349783188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:39.133469105 CET44349783188.114.97.3192.168.2.18
                                        Jan 7, 2025 14:02:39.133594036 CET49783443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:02:39.134020090 CET49783443192.168.2.18188.114.97.3
                                        Jan 7, 2025 14:03:05.666760921 CET8049710193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:03:05.666867018 CET4971080192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:03:12.111716986 CET8049722193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:03:12.111769915 CET4972280192.168.2.18193.122.6.168
                                        Jan 7, 2025 14:03:14.556459904 CET8049727193.122.6.168192.168.2.18
                                        Jan 7, 2025 14:03:14.556530952 CET4972780192.168.2.18193.122.6.168
                                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                        Jan 7, 2025 14:01:56.705761909 CET | 64336 | 53 | 192.168.2.18 | 1.1.1.1
                                        Jan 7, 2025 14:01:56.712439060 CET | 53 | 64336 | 1.1.1.1 | 192.168.2.18
                                        Jan 7, 2025 14:01:58.496840000 CET | 53013 | 53 | 192.168.2.18 | 1.1.1.1
                                        Jan 7, 2025 14:01:58.503623962 CET | 53 | 53013 | 1.1.1.1 | 192.168.2.18
                                        Jan 7, 2025 14:02:22.036209106 CET | 52505 | 53 | 192.168.2.18 | 1.1.1.1
                                        Jan 7, 2025 14:02:22.043195009 CET | 53 | 52505 | 1.1.1.1 | 192.168.2.18
                                        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                        Jan 7, 2025 14:01:56.705761909 CET | 192.168.2.18 | 1.1.1.1 | 0xcc30 | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
                                        Jan 7, 2025 14:01:58.496840000 CET | 192.168.2.18 | 1.1.1.1 | 0x415f | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false
                                        Jan 7, 2025 14:02:22.036209106 CET | 192.168.2.18 | 1.1.1.1 | 0x5a37 | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
                                        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                        Jan 7, 2025 14:01:56.712439060 CET | 1.1.1.1 | 192.168.2.18 | 0xcc30 | No error (0) | checkip.dyndns.org | checkip.dyndns.com |  | CNAME (Canonical name) | IN (0x0001) | false
                                        Jan 7, 2025 14:01:56.712439060 CET | 1.1.1.1 | 192.168.2.18 | 0xcc30 | No error (0) | checkip.dyndns.com |  | 193.122.6.168 | A (IP address) | IN (0x0001) | false
                                        Jan 7, 2025 14:01:56.712439060 CET | 1.1.1.1 | 192.168.2.18 | 0xcc30 | No error (0) | checkip.dyndns.com |  | 158.101.44.242 | A (IP address) | IN (0x0001) | false
                                        Jan 7, 2025 14:01:56.712439060 CET | 1.1.1.1 | 192.168.2.18 | 0xcc30 | No error (0) | checkip.dyndns.com |  | 132.226.247.73 | A (IP address) | IN (0x0001) | false
                                        Jan 7, 2025 14:01:56.712439060 CET | 1.1.1.1 | 192.168.2.18 | 0xcc30 | No error (0) | checkip.dyndns.com |  | 132.226.8.169 | A (IP address) | IN (0x0001) | false
                                        Jan 7, 2025 14:01:56.712439060 CET | 1.1.1.1 | 192.168.2.18 | 0xcc30 | No error (0) | checkip.dyndns.com |  | 193.122.130.0 | A (IP address) | IN (0x0001) | false
                                        Jan 7, 2025 14:01:58.503623962 CET | 1.1.1.1 | 192.168.2.18 | 0x415f | No error (0) | reallyfreegeoip.org |  | 188.114.97.3 | A (IP address) | IN (0x0001) | false
                                        Jan 7, 2025 14:01:58.503623962 CET | 1.1.1.1 | 192.168.2.18 | 0x415f | No error (0) | reallyfreegeoip.org |  | 188.114.96.3 | A (IP address) | IN (0x0001) | false
                                        Jan 7, 2025 14:02:22.043195009 CET | 1.1.1.1 | 192.168.2.18 | 0x5a37 | No error (0) | checkip.dyndns.org | checkip.dyndns.com |  | CNAME (Canonical name) | IN (0x0001) | false
                                        Jan 7, 2025 14:02:22.043195009 CET | 1.1.1.1 | 192.168.2.18 | 0x5a37 | No error (0) | checkip.dyndns.com |  | 193.122.130.0 | A (IP address) | IN (0x0001) | false
                                        Jan 7, 2025 14:02:22.043195009 CET | 1.1.1.1 | 192.168.2.18 | 0x5a37 | No error (0) | checkip.dyndns.com |  | 193.122.6.168 | A (IP address) | IN (0x0001) | false
                                        Jan 7, 2025 14:02:22.043195009 CET | 1.1.1.1 | 192.168.2.18 | 0x5a37 | No error (0) | checkip.dyndns.com |  | 158.101.44.242 | A (IP address) | IN (0x0001) | false
                                        Jan 7, 2025 14:02:22.043195009 CET | 1.1.1.1 | 192.168.2.18 | 0x5a37 | No error (0) | checkip.dyndns.com |  | 132.226.8.169 | A (IP address) | IN (0x0001) | false
                                        Jan 7, 2025 14:02:22.043195009 CET | 1.1.1.1 | 192.168.2.18 | 0x5a37 | No error (0) | checkip.dyndns.com |  | 132.226.247.73 | A (IP address) | IN (0x0001) | false
                                        • reallyfreegeoip.org
                                        • checkip.dyndns.org
                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        0 | 192.168.2.18 | 49707 | 193.122.6.168 | 80 | 6864 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jan 7, 2025 14:01:56.722841978 CET | 151 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Connection: Keep-Alive
                                        Jan 7, 2025 14:01:58.266264915 CET | 273 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:01:57 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
                                        Jan 7, 2025 14:01:58.266598940 CET | 273 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:01:57 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
                                        Jan 7, 2025 14:01:58.266882896 CET | 273 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:01:57 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
                                        Jan 7, 2025 14:01:58.267277002 CET | 273 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:01:57 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
                                        Jan 7, 2025 14:01:58.270286083 CET | 127 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Jan 7, 2025 14:01:58.456536055 CET | 273 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:01:58 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
                                        Jan 7, 2025 14:01:59.157268047 CET | 127 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Jan 7, 2025 14:01:59.406440973 CET | 273 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:01:59 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        1 | 192.168.2.18 | 49710 | 193.122.6.168 | 80 | 6864 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jan 7, 2025 14:02:00.031929016 CET | 127 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Jan 7, 2025 14:02:00.669891119 CET273INHTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:00 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        2 | 192.168.2.18 | 49712 | 193.122.6.168 | 80 | 6864 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jan 7, 2025 14:02:01.279412985 CET | 151 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Connection: Keep-Alive
                                        Jan 7, 2025 14:02:01.925554991 CET | 273 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:01 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        3 | 192.168.2.18 | 49714 | 193.122.6.168 | 80 | 6864 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jan 7, 2025 14:02:02.592513084 CET | 151 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Connection: Keep-Alive
                                        Jan 7, 2025 14:02:03.216233969 CET | 273 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:03 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        4 | 192.168.2.18 | 49716 | 193.122.6.168 | 80 | 6864 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jan 7, 2025 14:02:03.818759918 CET | 151 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Connection: Keep-Alive
                                        Jan 7, 2025 14:02:04.445358992 CET | 273 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:04 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        5 | 192.168.2.18 | 49718 | 193.122.6.168 | 80 | 6864 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jan 7, 2025 14:02:05.144530058 CET | 151 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Connection: Keep-Alive
                                        Jan 7, 2025 14:02:05.828253984 CET | 273 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:05 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        6 | 192.168.2.18 | 49719 | 193.122.6.168 | 80 | 1940 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jan 7, 2025 14:02:05.246720076 CET | 151 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Connection: Keep-Alive
                                        Jan 7, 2025 14:02:05.904905081 CET | 273 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:05 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
                                        Jan 7, 2025 14:02:05.908328056 CET | 127 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Jan 7, 2025 14:02:06.100987911 CET | 273 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:06 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
                                        Jan 7, 2025 14:02:06.770849943 CET | 127 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Jan 7, 2025 14:02:06.973578930 CET | 273 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:06 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        7 | 192.168.2.18 | 49722 | 193.122.6.168 | 80 | 6864 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jan 7, 2025 14:02:06.460551023 CET | 151 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Connection: Keep-Alive
                                        Jan 7, 2025 14:02:07.111571074 CET | 273 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:07 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        8 | 192.168.2.18 | 49725 | 193.122.6.168 | 80 | 1940 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jan 7, 2025 14:02:07.639748096 CET | 127 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Jan 7, 2025 14:02:08.294661999 CET | 273 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:08 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        9 | 192.168.2.18 | 49727 | 193.122.6.168 | 80 | 1940 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jan 7, 2025 14:02:08.912718058 CET | 127 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Jan 7, 2025 14:02:09.556632996 CET | 273 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:09 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        10 | 192.168.2.18 | 49729 | 193.122.6.168 | 80 | 1940 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jan 7, 2025 14:02:10.205096960 CET | 151 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Connection: Keep-Alive
                                        Jan 7, 2025 14:02:10.831182003 CET | 273 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:10 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        11 | 192.168.2.18 | 49731 | 193.122.6.168 | 80 | 1940 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jan 7, 2025 14:02:11.483297110 CET | 151 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Connection: Keep-Alive
                                        Jan 7, 2025 14:02:12.138329029 CET | 273 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:12 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        12 | 192.168.2.18 | 49733 | 193.122.6.168 | 80 | 1940 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jan 7, 2025 14:02:12.747528076 CET | 151 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Connection: Keep-Alive
                                        Jan 7, 2025 14:02:13.382684946 CET | 273 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:13 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        13 | 192.168.2.18 | 49735 | 193.122.6.168 | 80 | 1940 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jan 7, 2025 14:02:14.007363081 CET | 151 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Connection: Keep-Alive
                                        Jan 7, 2025 14:02:14.675405979 CET | 273 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:14 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        14 | 192.168.2.18 | 49737 | 193.122.6.168 | 80 | 3184 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jan 7, 2025 14:02:15.391864061 CET | 151 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Connection: Keep-Alive
                                        Jan 7, 2025 14:02:16.350814104 CET | 273 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:16 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
                                        Jan 7, 2025 14:02:16.354557991 CET | 127 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Jan 7, 2025 14:02:16.541753054 CET | 273 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:16 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
                                        Jan 7, 2025 14:02:17.316756010 CET | 127 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Jan 7, 2025 14:02:17.504571915 CET | 273 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:17 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        15 | 192.168.2.18 | 49740 | 193.122.6.168 | 80 | 3184 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jan 7, 2025 14:02:18.140317917 CET | 127 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Jan 7, 2025 14:02:18.776488066 CET | 273 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:18 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        16 | 192.168.2.18 | 49742 | 193.122.6.168 | 80 | 3184 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jan 7, 2025 14:02:19.397754908 CET | 151 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Connection: Keep-Alive
                                        Jan 7, 2025 14:02:20.050287962 CET | 273 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:19 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        17 | 192.168.2.18 | 49744 | 193.122.6.168 | 80 | 4404 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jan 7, 2025 14:02:20.422053099 CET | 151 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Connection: Keep-Alive
                                        Jan 7, 2025 14:02:21.108848095 CET | 273 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:21 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
                                        Jan 7, 2025 14:02:21.112325907 CET | 127 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Jan 7, 2025 14:02:21.305742979 CET | 273 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:21 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
                                        Jan 7, 2025 14:02:22.060858011 CET | 127 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Jan 7, 2025 14:02:22.246414900 CET | 273 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:22 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        18 | 192.168.2.18 | 49745 | 193.122.6.168 | 80 | 3184 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jan 7, 2025 14:02:20.791117907 CET | 151 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Connection: Keep-Alive
                                        Jan 7, 2025 14:02:21.420569897 CET | 273 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:21 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        19 | 192.168.2.18 | 49748 | 193.122.130.0 | 80 | 3184 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jan 7, 2025 14:02:22.051785946 CET | 151 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Connection: Keep-Alive
                                        Jan 7, 2025 14:02:22.628787041 CET | 321 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:22 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        X-Request-ID: 6cbc47d8a02d9bba7e47592bd5ebe87b
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        20 | 192.168.2.18 | 49751 | 193.122.130.0 | 80 | 4404 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jan 7, 2025 14:02:22.869162083 CET | 127 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Jan 7, 2025 14:02:23.344997883 CET | 321 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:23 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        X-Request-ID: 2e4ed36dd55885a55d7bee777e18c4d9
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        21 | 192.168.2.18 | 49752 | 193.122.130.0 | 80 | 3184 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jan 7, 2025 14:02:23.266052961 CET | 151 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Connection: Keep-Alive
                                        Jan 7, 2025 14:02:23.769535065 CET | 321 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:23 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        X-Request-ID: 7f8201eafa90476d4e5d2b98fb57f2ec
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        22 | 192.168.2.18 | 49755 | 193.122.130.0 | 80 | 4404 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jan 7, 2025 14:02:23.996748924 CET | 151 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Connection: Keep-Alive
                                        Jan 7, 2025 14:02:24.452522993 CET | 321 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:24 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        X-Request-ID: a8ffe4f7f683c916998f62f6478fd23b
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        23 | 192.168.2.18 | 49756 | 193.122.130.0 | 80 | 3184 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jan 7, 2025 14:02:24.396652937 CET | 151 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Connection: Keep-Alive
                                        Jan 7, 2025 14:02:24.872045040 CET | 321 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:24 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        X-Request-ID: 2b90e72e81b2d68a8a1d9d12295195bd
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        24 | 192.168.2.18 | 49759 | 193.122.130.0 | 80 | 4404 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jan 7, 2025 14:02:25.086719036 CET | 151 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Connection: Keep-Alive
                                        Jan 7, 2025 14:02:25.582890987 CET | 321 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:25 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        X-Request-ID: 671cd0fcf3a48a85cb7c1cd0ace3a898
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        25 | 192.168.2.18 | 49761 | 193.122.130.0 | 80 | 4404 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jan 7, 2025 14:02:26.205889940 CET | 151 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Connection: Keep-Alive
                                        Jan 7, 2025 14:02:26.767163038 CET | 321 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:26 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        X-Request-ID: e25d4f694c8736fa53089f6c9f88db6f
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        26 | 192.168.2.18 | 49763 | 193.122.130.0 | 80 | 4404 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jan 7, 2025 14:02:27.386003017 CET | 151 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Connection: Keep-Alive
                                        Jan 7, 2025 14:02:27.944905996 CET | 321 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:27 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        X-Request-ID: 7a727ec4187b1136e3f31bd10ed2eec3
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        27 | 192.168.2.18 | 49765 | 193.122.130.0 | 80 | 4404 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jan 7, 2025 14:02:28.566704988 CET | 151 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Connection: Keep-Alive
                                        Jan 7, 2025 14:02:29.167030096 CET | 321 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:29 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        X-Request-ID: c1a878d7ea1a73d8dccc2aaca35ea53a
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        28 | 192.168.2.18 | 49766 | 193.122.130.0 | 80 | 6608 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jan 7, 2025 14:02:28.889183044 CET | 151 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Connection: Keep-Alive
                                        Jan 7, 2025 14:02:29.926017046 CET | 321 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:29 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        X-Request-ID: 23b8cdd653da0a69e9f21a384250c22a
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
                                        Jan 7, 2025 14:02:29.929765940 CET | 127 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Jan 7, 2025 14:02:30.064976931 CET | 321 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:30 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        X-Request-ID: bd247d5ebaf723ef26a2b9d6c67ead74
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
                                        Jan 7, 2025 14:02:30.720112085 CET | 127 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Jan 7, 2025 14:02:30.829582930 CET | 321 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:30 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        X-Request-ID: 3be142b60a0c2ae959764bb51f237c30
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        29 | 192.168.2.18 | 49770 | 193.122.130.0 | 80 | 6608 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jan 7, 2025 14:02:31.434106112 CET | 127 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Jan 7, 2025 14:02:32.022121906 CET | 321 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:31 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        X-Request-ID: 8c664d77adfe5b837c1ca43fb25dec23
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        30 | 192.168.2.18 | 49772 | 193.122.130.0 | 80 | 6608 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jan 7, 2025 14:02:32.722929001 CET | 151 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Connection: Keep-Alive
                                        Jan 7, 2025 14:02:33.321785927 CET | 321 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:33 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        X-Request-ID: b4f8ff39a99a6aeb199775caef5a5579
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        31 | 192.168.2.18 | 49774 | 193.122.130.0 | 80 | 6608 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jan 7, 2025 14:02:34.138571024 CET | 151 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Connection: Keep-Alive
                                        Jan 7, 2025 14:02:34.831274033 CET | 321 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:34 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        X-Request-ID: 798417ebc42fea25662e6bfdc0be97ee
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        32 | 192.168.2.18 | 49777 | 193.122.130.0 | 80 | 6608 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jan 7, 2025 14:02:35.503869057 CET | 151 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Connection: Keep-Alive
                                        Jan 7, 2025 14:02:35.999098063 CET | 321 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:35 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        X-Request-ID: 5d57c742d26f7ba55d07f4b89123ae8f
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        33 | 192.168.2.18 | 49779 | 193.122.130.0 | 80 | 6608 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jan 7, 2025 14:02:36.616218090 CET | 151 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Connection: Keep-Alive
                                        Jan 7, 2025 14:02:37.070738077 CET | 321 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:37 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        X-Request-ID: 57f673c04272e7f47f818c224000a1c3
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        34 | 192.168.2.18 | 49782 | 193.122.130.0 | 80 | 6608 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jan 7, 2025 14:02:37.677372932 CET | 151 | OUT | GET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Connection: Keep-Alive
                                        Jan 7, 2025 14:02:38.510792971 CET | 321 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:38 GMT
                                        Content-Type: text/html
                                        Content-Length: 104
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        X-Request-ID: 8247ed86712583ef6a3feffb3950c7fc
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        0 | 192.168.2.18 | 49708 | 188.114.97.3 | 443 | 6864 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-07 13:01:59 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2025-01-07 13:01:59 UTC | 859 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:01:59 GMT
                                        Content-Type: text/xml
                                        Content-Length: 362
                                        Connection: close
                                        Age: 1569708
                                        Cache-Control: max-age=31536000
                                        cf-cache-status: HIT
                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dwv%2F8V5CwIlD55Ym8xruleQUbMpVybIEKrgBSvz9ti0mn%2FuHCaXxKmMQmHDJ65WhDXE2OxgFl2dlm%2BNLNcmn7sDY6xq1Xl%2BEFYdBW4rK4WMkq3TWitP8FQSgVwg0c8ryvnm%2BvM4z"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8fe423bc5dcff793-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        server-timing: cfL4;desc="?proto=TCP&rtt=1474&min_rtt=1471&rtt_var=558&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1950567&cwnd=152&unsent_bytes=0&cid=92f2e49ad2b3a61c&ts=170&x=0"
                                        2025-01-07 13:01:59 UTC | 362 | IN
                                        Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        1 | 192.168.2.18 | 49709 | 188.114.97.3 | 443 | 6864 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-07 13:01:59 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        2025-01-07 13:02:00 UTC | 859 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:01:59 GMT
                                        Content-Type: text/xml
                                        Content-Length: 362
                                        Connection: close
                                        Age: 1569709
                                        Cache-Control: max-age=31536000
                                        cf-cache-status: HIT
                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=evQx23IjC2LTsh%2FYzzfR4BFIM5r37AF0w6UuZlETCR7IxGwMKu8sK7mWsfc6TAe%2B1ey%2BRqhHCOEa7ggF7RdEpJzaAQopBHHdRJ%2F4F89nk8Kylyum9v0yet9W9AybFkg6Y3DL4%2Bja"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8fe423c1d8cc8c29-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        server-timing: cfL4;desc="?proto=TCP&rtt=1793&min_rtt=1783&rtt_var=688&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1567364&cwnd=188&unsent_bytes=0&cid=3583d3a10ea0d862&ts=151&x=0"
                                        2025-01-07 13:02:00 UTC | 362 | IN
                                        Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        2 | 192.168.2.18 | 49711 | 188.114.97.3 | 443 | 6864 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-07 13:02:01 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2025-01-07 13:02:01 UTC | 855 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:01 GMT
                                        Content-Type: text/xml
                                        Content-Length: 362
                                        Connection: close
                                        Age: 1569710
                                        Cache-Control: max-age=31536000
                                        cf-cache-status: HIT
                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qIuatAYplIQCnb5K3GSMASpIiQxA%2BpP40JDWt2Nl47N1HjoNuSIjIs4zSzgoZLrO5lhs7zAXBTwdq67cKHU8hvbdbpmE4cXNiEE5WASppqi2k%2By4L1TI0C%2F2F8IdLl1xloX2urOv"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8fe423c98e7d8c24-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        server-timing: cfL4;desc="?proto=TCP&rtt=1781&min_rtt=1777&rtt_var=676&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1608815&cwnd=141&unsent_bytes=0&cid=923abb42d45d4f79&ts=146&x=0"
                                        2025-01-07 13:02:01 UTC | 362 | IN
                                        Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        3 | 192.168.2.18 | 49713 | 188.114.97.3 | 443 | 6864 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-07 13:02:02 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2025-01-07 13:02:02 UTC | 869 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:02 GMT
                                        Content-Type: text/xml
                                        Content-Length: 362
                                        Connection: close
                                        Age: 1569711
                                        Cache-Control: max-age=31536000
                                        cf-cache-status: HIT
                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5oeZlQRuFwQq05opZ%2BAanaBa%2BEgqQ%2F%2FVaZ999k%2Fk4Wg%2FSqey%2Bx8GZXg6%2BFIaNvVYc%2BqaLHRkH8Murtr25w8h6XqhFUzw2jS0SBelY86iAddmc%2B8RpubbcQNO3OJ3u1iQ9jC4TKRJ"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8fe423d1887042e2-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        server-timing: cfL4;desc="?proto=TCP&rtt=2161&min_rtt=2158&rtt_var=817&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1333942&cwnd=187&unsent_bytes=0&cid=cbc10ec8371f1fc3&ts=155&x=0"
                                        2025-01-07 13:02:02 UTC | 362 | IN
                                        Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        4 | 192.168.2.18 | 49715 | 188.114.97.3 | 443 | 6864 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-07 13:02:03 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2025-01-07 13:02:03 UTC | 859 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:03 GMT
                                        Content-Type: text/xml
                                        Content-Length: 362
                                        Connection: close
                                        Age: 1569712
                                        Cache-Control: max-age=31536000
                                        cf-cache-status: HIT
                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3v%2F6S2B%2FxIi7HtSCQk%2BV%2FeLqXVn3gd9fKTLNLuXs3qFAG1nk3dFsRS99jkdVEwvyPUVucPrOcN7KghtQr1xIIR1Lj5qePftOCXE86yALmg8EZZQZx0Sjjxjc8KiInJi%2F1vDjeBbq"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8fe423d97e8c8ce0-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        server-timing: cfL4;desc="?proto=TCP&rtt=2013&min_rtt=2012&rtt_var=758&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1440552&cwnd=211&unsent_bytes=0&cid=f91b266f7752ec16&ts=140&x=0"
                                        2025-01-07 13:02:03 UTC | 362 | IN
                                        Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        5 | 192.168.2.18 | 49717 | 188.114.97.3 | 443 | 6864 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-07 13:02:04 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2025-01-07 13:02:05 UTC | 859 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:05 GMT
                                        Content-Type: text/xml
                                        Content-Length: 362
                                        Connection: close
                                        Age: 1569714
                                        Cache-Control: max-age=31536000
                                        cf-cache-status: HIT
                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kHHrwfsPj6WWH1vpTAhOZBR8GOkyopd9YsmAEopZtjy3F1CDR0bh3sXKk1fPlK%2FGDVm6Z3lZaOuvz0sy6dKEC4P1emExLJtalUGjbQqWV1GV%2FE%2B%2FfIBYSLzW4SiY%2F8FwThYPqWrS"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8fe423e1593c8c93-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        server-timing: cfL4;desc="?proto=TCP&rtt=1817&min_rtt=1808&rtt_var=697&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1548250&cwnd=192&unsent_bytes=0&cid=439e1a0005c66ee5&ts=172&x=0"
                                        2025-01-07 13:02:05 UTC | 362 | IN
                                        Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        6 | 192.168.2.18 | 49720 | 188.114.97.3 | 443 | 6864 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-07 13:02:06 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2025-01-07 13:02:06 UTC | 849 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:06 GMT
                                        Content-Type: text/xml
                                        Content-Length: 362
                                        Connection: close
                                        Age: 1569715
                                        Cache-Control: max-age=31536000
                                        cf-cache-status: HIT
                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oHH9UsRPsVOkgF0VKnMRsPV74MdYLBxUbdtrSW5MZdntf2e1q8dXRp8VWcD0Pgu0whFCq49QQKEHn9TJFfP99LT8wy4JjhfcSYiKQZFeQFZhIBucDszoNIA4AS7GFnPx91MIdRMD"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8fe423e9ffef1921-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        server-timing: cfL4;desc="?proto=TCP&rtt=1815&min_rtt=1534&rtt_var=776&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1903520&cwnd=139&unsent_bytes=0&cid=88beed521021e31d&ts=160&x=0"
                                        2025-01-07 13:02:06 UTC | 362 | IN
                                        Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        7 | 192.168.2.18 | 49721 | 188.114.97.3 | 443 | 1940 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-07 13:02:06 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2025-01-07 13:02:06 UTC | 855 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:06 GMT
                                        Content-Type: text/xml
                                        Content-Length: 362
                                        Connection: close
                                        Age: 1569715
                                        Cache-Control: max-age=31536000
                                        cf-cache-status: HIT
                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m7%2FOLMavW7T8e0OZjzo6eJ5D1BXASA6kZAeVoDVmXrK1yAbPhBcPXCZ9IQgg4TOvmc3mIjkas5oQO%2F5Mr5MLXdFojmPQWBkfcNjVdxdHZRYr%2BnulNOHpLn1kG9S852bZ3SzYg3jW"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8fe423ebf93d43cf-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        server-timing: cfL4;desc="?proto=TCP&rtt=1597&min_rtt=1582&rtt_var=623&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1714621&cwnd=179&unsent_bytes=0&cid=6c71bfe05c9b8867&ts=176&x=0"
                                        2025-01-07 13:02:06 UTC | 362 | IN
                                        Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        8 | 192.168.2.18 | 49723 | 188.114.97.3 | 443 | 1940 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-07 13:02:07 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        2025-01-07 13:02:07 UTC | 857 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:07 GMT
                                        Content-Type: text/xml
                                        Content-Length: 362
                                        Connection: close
                                        Age: 1569716
                                        Cache-Control: max-age=31536000
                                        cf-cache-status: HIT
                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZJbiZvvEjRBiQVP6OKFHJTKraa5OXtpZPdv3cdvzLHAADAwYlrbUqOB8o4yINXnWDUJ%2FUZY%2FNZggxgicgzrPN0JZqryykNEq9Y%2FhPqhiV8%2FllDP33sei9q8d78G5OpUZHVN7vV7Z"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8fe423f118194241-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        server-timing: cfL4;desc="?proto=TCP&rtt=1715&min_rtt=1714&rtt_var=646&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1689814&cwnd=203&unsent_bytes=0&cid=47cd666cfc997ac0&ts=144&x=0"
                                        2025-01-07 13:02:07 UTC | 362 | IN
                                        Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        9 | 192.168.2.18 | 49724 | 188.114.97.3 | 443 | 6864 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-07 13:02:07 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2025-01-07 13:02:07 UTC | 857 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:07 GMT
                                        Content-Type: text/xml
                                        Content-Length: 362
                                        Connection: close
                                        Age: 1569716
                                        Cache-Control: max-age=31536000
                                        cf-cache-status: HIT
                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PY2qHjTxSEeUeTub0KFkzCTJ0M11Gww6sQB9wbhqnjC59gBV9xlImd4wDMU0DF7OIHZKdAXDyMsl8ejbsQIqULACzCU7lGd4%2BJwd5O%2FIrloQCBmIAfja6IJbU%2BD%2B84UTAHDukm9I"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8fe423f218fb43c8-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        server-timing: cfL4;desc="?proto=TCP&rtt=1583&min_rtt=1572&rtt_var=611&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1759036&cwnd=192&unsent_bytes=0&cid=f763657b82caa91b&ts=171&x=0"
                                        2025-01-07 13:02:07 UTC | 362 | IN
                                        Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        10 | 192.168.2.18 | 49726 | 188.114.97.3 | 443 | 1940 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-07 13:02:08 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2025-01-07 13:02:08 UTC | 859 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:08 GMT
                                        Content-Type: text/xml
                                        Content-Length: 362
                                        Connection: close
                                        Age: 1569717
                                        Cache-Control: max-age=31536000
                                        cf-cache-status: HIT
                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wW3sTU5G163nK%2FSlGpN5mu8%2FgK6AEi%2FJNB%2FaLHmWr0uUU7G6lavuVj3x0a2Ghnp4S8plk2rY%2FIrWigyCOWg3yLZS1cgBIBOSVnCXBPdEYIy2VO6AdcOfZjz71KgkmpZlX3k3x1Fx"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8fe423f94fdd1a07-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        server-timing: cfL4;desc="?proto=TCP&rtt=2045&min_rtt=2035&rtt_var=783&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1380614&cwnd=245&unsent_bytes=0&cid=6d244c683a0ec122&ts=154&x=0"
                                        2025-01-07 13:02:08 UTC | 362 | IN
                                        Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        11 | 192.168.2.18 | 49728 | 188.114.97.3 | 443 | 1940 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-07 13:02:10 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2025-01-07 13:02:10 UTC | 858 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:10 GMT
                                        Content-Type: text/xml
                                        Content-Length: 362
                                        Connection: close
                                        Age: 1569719
                                        Cache-Control: max-age=31536000
                                        cf-cache-status: HIT
                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qk0I7j81yo1%2FaBq4Gq1RS3XrffOHcILiqlxpKaTm1iW47s2%2FvDlKIdXi009IDXKkTKIwlfAciyFO5yr239MYVNwMPKMzSYA8MKvpN6BQeJec%2BWdYj9KQGyc89l%2BhWnZ0QXD9uLGp"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8fe424016991de99-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        server-timing: cfL4;desc="?proto=TCP&rtt=7838&min_rtt=1524&rtt_var=4458&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1916010&cwnd=217&unsent_bytes=0&cid=2f70f0fface9faba&ts=155&x=0"
                                        2025-01-07 13:02:10 UTC | 362 | IN
                                        Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        12 | 192.168.2.18 | 49730 | 188.114.97.3 | 443 | 1940 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-07 13:02:11 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2025-01-07 13:02:11 UTC | 855 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:11 GMT
                                        Content-Type: text/xml
                                        Content-Length: 362
                                        Connection: close
                                        Age: 1569720
                                        Cache-Control: max-age=31536000
                                        cf-cache-status: HIT
                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p32bp48wdoileZ1GyhfmANIz4fcg7n2Tb10u9HqP0V36035wZ32Jpd%2B9sAP9slf6Q55PGa7qNCrljOHAtUi0CwlLFAkioFk%2FUsgUnGiyEANnjV%2BcW0PSOawKSOYWYrhvBMTYpxRT"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8fe4240958ea43f2-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        server-timing: cfL4;desc="?proto=TCP&rtt=1622&min_rtt=1606&rtt_var=635&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1681059&cwnd=207&unsent_bytes=0&cid=57c0ea8a88c5ca36&ts=157&x=0"
                                        2025-01-07 13:02:11 UTC | 362 | IN
                                        Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        13 | 192.168.2.18 | 49732 | 188.114.97.3 | 443 | 1940 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-07 13:02:12 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2025-01-07 13:02:12 UTC | 855 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:12 GMT
                                        Content-Type: text/xml
                                        Content-Length: 362
                                        Connection: close
                                        Age: 1569721
                                        Cache-Control: max-age=31536000
                                        cf-cache-status: HIT
                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0T6FBiWkV6mgCz4QqzTyN6BLiF9QhqKxH0eyi51CWpbJuNZWQSLDiy5mw6pBpWjXHZvtwNjN03Pan%2Fs5670Ex%2FooqANjNuvs3UQTlrxhcLA5VTpLkExuowckg1oUj%2BYb3sIfimyB"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8fe4241139f8431f-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        server-timing: cfL4;desc="?proto=TCP&rtt=1675&min_rtt=1671&rtt_var=634&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1714621&cwnd=250&unsent_bytes=0&cid=a8d7d1c34a3c7d6e&ts=143&x=0"
                                        2025-01-07 13:02:12 UTC | 362 | IN
                                        Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        14 | 192.168.2.18 | 49734 | 188.114.97.3 | 443 | 1940 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-07 13:02:13 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2025-01-07 13:02:13 UTC | 860 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:13 GMT
                                        Content-Type: text/xml
                                        Content-Length: 362
                                        Connection: close
                                        Age: 1569723
                                        Cache-Control: max-age=31536000
                                        cf-cache-status: HIT
                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d%2FRw6HohVL9flyQpE9fjn4mMw%2FN%2FkycrJSWz0p0pdb6InkIaOAtxmvokafJd%2Bft2%2FAa5wyPD3OrzNckdMb2uMCv7gsUBWSm1AIqljsnbANBMRxvlGBXQSF4kG9Qodd1CjW8%2FDovM"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8fe424192af84408-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        server-timing: cfL4;desc="?proto=TCP&rtt=1775&min_rtt=1582&rtt_var=981&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=932014&cwnd=206&unsent_bytes=0&cid=fee10ef66f9b16af&ts=159&x=0"
                                        2025-01-07 13:02:13 UTC | 362 | IN
                                        Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        15 | 192.168.2.18 | 49736 | 188.114.97.3 | 443 | 1940 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-07 13:02:15 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2025-01-07 13:02:15 UTC | 860 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:15 GMT
                                        Content-Type: text/xml
                                        Content-Length: 362
                                        Connection: close
                                        Age: 1569724
                                        Cache-Control: max-age=31536000
                                        cf-cache-status: HIT
                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TNK1F3H9O16KhAIEzueSUqXrEbgQ5i%2F5QjuKCE2KWA76BHL5odnKnJIq9mqDlXHB%2BNEx9ygihgvtKfAiTWM%2BUe9rwUnz4Vd%2FuoNN70kTftX3%2FOcueGgy%2FlhKbd0vJnnvHC9xoVLy"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8fe424213cb24397-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        server-timing: cfL4;desc="?proto=TCP&rtt=1584&min_rtt=1577&rtt_var=606&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1785932&cwnd=79&unsent_bytes=0&cid=034655ca63580445&ts=147&x=0"
                                        2025-01-07 13:02:15 UTC | 362 | IN
                                        Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        16 | 192.168.2.18 | 49738 | 188.114.97.3 | 443 | 3184 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-07 13:02:17 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2025-01-07 13:02:17 UTC | 858 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:17 GMT
                                        Content-Type: text/xml
                                        Content-Length: 362
                                        Connection: close
                                        Age: 1569726
                                        Cache-Control: max-age=31536000
                                        cf-cache-status: HIT
                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UWWJO4ZKaW%2Br1Gwzge0lF3kd%2F0e7NVfRqXL8vbBHKAz1oU%2B01Q%2BYqltI0Ar0RhhWPcnM08QimZmf8PYmrMw8aX3HQneAWOZqvMP7YnWPeLuku5a3h4L%2Bx14aWvmN4M6Qktj1hPDI"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8fe4242d7c3b4273-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        server-timing: cfL4;desc="?proto=TCP&rtt=1731&min_rtt=1718&rtt_var=671&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1598248&cwnd=32&unsent_bytes=0&cid=26099d8259e66992&ts=172&x=0"
                                        2025-01-07 13:02:17 UTC | 362 | IN
                                        Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        17 | 192.168.2.18 | 49739 | 188.114.97.3 | 443 | 3184 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-07 13:02:17 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        2025-01-07 13:02:18 UTC | 849 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:18 GMT
                                        Content-Type: text/xml
                                        Content-Length: 362
                                        Connection: close
                                        Age: 1569727
                                        Cache-Control: max-age=31536000
                                        cf-cache-status: HIT
                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O3R8Ct04dG59EO0CZMDaJkH8zvrJBToah1SZKl7Yw4s9xT7yuuV99Ta0I620yIyly8EbsjWBkEO3imBuPebBcFhptN5MkUOl0Ia2GdQckWHDi0k319bpZuOKueKKxyHBo3FxwPlK"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8fe42432ed8b19c3-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        server-timing: cfL4;desc="?proto=TCP&rtt=2020&min_rtt=2016&rtt_var=765&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1421616&cwnd=148&unsent_bytes=0&cid=8e4dfeef314d7ed5&ts=156&x=0"
                                        2025-01-07 13:02:18 UTC | 362 | IN
                                        Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        18 | 192.168.2.18 | 49741 | 188.114.97.3 | 443 | 3184 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-07 13:02:19 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2025-01-07 13:02:19 UTC | 857 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:19 GMT
                                        Content-Type: text/xml
                                        Content-Length: 362
                                        Connection: close
                                        Age: 1569728
                                        Cache-Control: max-age=31536000
                                        cf-cache-status: HIT
                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VLMjV3Qu8AwjbJkYpijuggWtCrnvz74hko6kKLGGycgq%2F2QwETgcXef%2FjI7XGzJBNL8xncOCoRcqkaZyITNKjB6PTmvYe%2FFtZuY2%2FrYpHf5QoP1jpjHHrGooClNon5G2rSarcd44"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8fe4243ad9864399-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        server-timing: cfL4;desc="?proto=TCP&rtt=1601&min_rtt=1593&rtt_var=615&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1754807&cwnd=225&unsent_bytes=0&cid=f703d36f74f696f8&ts=143&x=0"
                                        2025-01-07 13:02:19 UTC | 362 | IN
                                        Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        19 | 192.168.2.18 | 49743 | 188.114.97.3 | 443 | 3184 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-07 13:02:20 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2025-01-07 13:02:20 UTC | 862 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:20 GMT
                                        Content-Type: text/xml
                                        Content-Length: 362
                                        Connection: close
                                        Age: 1569729
                                        Cache-Control: max-age=31536000
                                        cf-cache-status: HIT
                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3q1w92yWtBtGbz188MJydy1DWLrlKanGXADXgI6lRIlg0ry8LHEw7f%2B3oHX7vsVa7yjcT0bKPR%2F2lp%2F1NKWUrdB02Buq7IhWZ8nG4ls1GYt%2BZONcLDaz63EdobgecbCQp%2BdiTmjM"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8fe424437cd04303-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        server-timing: cfL4;desc="?proto=TCP&rtt=22802&min_rtt=1629&rtt_var=13266&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1792510&cwnd=219&unsent_bytes=0&cid=1817c02e7157ed2d&ts=163&x=0"
                                        2025-01-07 13:02:20 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        20 | 192.168.2.18 | 49747 | 188.114.97.3 | 443 | 3184 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-07 13:02:21 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2025-01-07 13:02:22 UTC | 861 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:21 GMT
                                        Content-Type: text/xml
                                        Content-Length: 362
                                        Connection: close
                                        Age: 1569731
                                        Cache-Control: max-age=31536000
                                        cf-cache-status: HIT
                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=40wUXBsC1zyBK91Ci%2BU6SWeKNFK1HIhxwBY0oSNkThidsYpodHPJMnDJewxq%2F8LlUH82H%2FI85aZ5%2Bsh%2F2grqwBkwjyupzFn40f9Cw5JciFQRDT120Ifxa6jP9cd1y%2FatVLeLy0Eo"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8fe4244b5d5a0fa9-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        server-timing: cfL4;desc="?proto=TCP&rtt=1595&min_rtt=1593&rtt_var=603&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1808049&cwnd=252&unsent_bytes=0&cid=69559e065638056d&ts=141&x=0"
                                        2025-01-07 13:02:22 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        21 | 192.168.2.18 | 49746 | 188.114.97.3 | 443 | 4404 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-07 13:02:21 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2025-01-07 13:02:22 UTC | 870 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:22 GMT
                                        Content-Type: text/xml
                                        Content-Length: 362
                                        Connection: close
                                        Age: 1569731
                                        Cache-Control: max-age=31536000
                                        cf-cache-status: HIT
                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BcvP%2FGIpkYDubmAuJViWQRs%2BBe52OTJ29jRi8wj0tfMIp228o33rDN0B8R%2FSy9C19%2Fgo13fklM1BlwU5aW%2BkahuKr9Aq%2B8BM%2BO0ggbJrMYTK6SGTlbG2KW15nm9gRBYq%2F%2Bw9rJh2"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8fe4244b7bd12369-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        server-timing: cfL4;desc="?proto=TCP&rtt=2598&min_rtt=1922&rtt_var=1204&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1519250&cwnd=142&unsent_bytes=0&cid=df3696fa84b815e8&ts=238&x=0"
                                        2025-01-07 13:02:22 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        22 | 192.168.2.18 | 49749 | 188.114.97.3 | 443 | 4404 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-07 13:02:22 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        2025-01-07 13:02:22 UTC | 855 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:22 GMT
                                        Content-Type: text/xml
                                        Content-Length: 362
                                        Connection: close
                                        Age: 1569731
                                        Cache-Control: max-age=31536000
                                        cf-cache-status: HIT
                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k3tRxlYdX10cv4vXBkkOoKc3oixEXTc7LmrzpRUqPsWcVJ9tEEA2IG0S2%2Fb9EEjj0pDDjX2Yec1YZLmS4cFPChohg7Mde6gGe3wuhi3VbClUyCC0%2Fi6%2BXrq4EQEQizg55wS95S7o"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8fe424508a980fa9-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        server-timing: cfL4;desc="?proto=TCP&rtt=1632&min_rtt=1631&rtt_var=614&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1777236&cwnd=252&unsent_bytes=0&cid=a5791d05abc3bece&ts=151&x=0"
                                        2025-01-07 13:02:22 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        23 | 192.168.2.18 | 49750 | 188.114.97.3 | 443 | 3184 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-07 13:02:23 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2025-01-07 13:02:23 UTC | 855 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:23 GMT
                                        Content-Type: text/xml
                                        Content-Length: 362
                                        Connection: close
                                        Age: 1569732
                                        Cache-Control: max-age=31536000
                                        cf-cache-status: HIT
                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6Z1bSJfXaPyacACM3iMKi2JkzEZvpAC%2BppbmLxZwBFKsELOzL15maHUFRII7kZ0PEvXuuqF8lRPf%2FelLsYuETlW1cWAyUasnNUKdNF5QPULl%2FVubcL43B542onh9v0rsifCjU0lS"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8fe42452fce9427f-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        server-timing: cfL4;desc="?proto=TCP&rtt=1690&min_rtt=1684&rtt_var=645&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1680092&cwnd=239&unsent_bytes=0&cid=e54954fac853a5ff&ts=158&x=0"
                                        2025-01-07 13:02:23 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        24 | 192.168.2.18 | 49753 | 188.114.97.3 | 443 | 4404 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-07 13:02:23 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2025-01-07 13:02:23 UTC | 855 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:23 GMT
                                        Content-Type: text/xml
                                        Content-Length: 362
                                        Connection: close
                                        Age: 1569733
                                        Cache-Control: max-age=31536000
                                        cf-cache-status: HIT
                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fKi6EZPjaBoHUIUlhCcoU9jQYFMJBwrYtzbiZKkCuj7fVkgVXfooQZlF%2Fz9Do9TyrCw4HiPxqwHPwqeFQ2boPf5lXxLndbD2D3XsSMQRFBSxIaWYbRb4lo6zoSqHijK%2FhAHxRM%2Fg"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8fe424578ad04234-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        server-timing: cfL4;desc="?proto=TCP&rtt=1783&min_rtt=1772&rtt_var=686&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1569048&cwnd=172&unsent_bytes=0&cid=747e8163a1329e8c&ts=137&x=0"
                                        2025-01-07 13:02:23 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        25 | 192.168.2.18 | 49754 | 188.114.97.3 | 443 | 3184 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-07 13:02:24 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2025-01-07 13:02:24 UTC | 855 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:24 GMT
                                        Content-Type: text/xml
                                        Content-Length: 362
                                        Connection: close
                                        Age: 1569733
                                        Cache-Control: max-age=31536000
                                        cf-cache-status: HIT
                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iBjb9srUHMseYWU9Q7AabOvz%2FzQVIAcyfWZMAlymPuSp6wlnlMlAf5SfYOd%2FIP1cweGop1bD6vDvDql2400Dhn4Jgyxyizq2jx%2BuTnrLLPdvOkg38k64Zvjgk1g2Ftpd4DnJBcx2"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8fe4245a0dd30cc2-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        server-timing: cfL4;desc="?proto=TCP&rtt=1703&min_rtt=1703&rtt_var=639&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1712609&cwnd=176&unsent_bytes=0&cid=5fb7ec976ae41c84&ts=164&x=0"
                                        2025-01-07 13:02:24 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        26 | 192.168.2.18 | 49757 | 188.114.97.3 | 443 | 4404 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-07 13:02:24 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2025-01-07 13:02:25 UTC | 855 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:25 GMT
                                        Content-Type: text/xml
                                        Content-Length: 362
                                        Connection: close
                                        Age: 1569734
                                        Cache-Control: max-age=31536000
                                        cf-cache-status: HIT
                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x1mCvxIP%2Fv%2Bwp4HA2DNG1hLcTf0pQpvBXPgP6pNibfPTuBkms2htVpDRgCiTs50Pw5ZZwOZzd4vqFxY%2FP1gy8MqlnIPwtsmJdQzYq4I9mQvZGw7z64BmIpOdM3YzmPfWWUkN69U5"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8fe4245e4a7c433f-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        server-timing: cfL4;desc="?proto=TCP&rtt=2084&min_rtt=2081&rtt_var=783&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1403171&cwnd=222&unsent_bytes=0&cid=5de688199fa05ea8&ts=163&x=0"
                                        2025-01-07 13:02:25 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        27 | 192.168.2.18 | 49758 | 188.114.97.3 | 443 | 3184 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-07 13:02:25 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2025-01-07 13:02:25 UTC | 851 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:25 GMT
                                        Content-Type: text/xml
                                        Content-Length: 362
                                        Connection: close
                                        Age: 1569734
                                        Cache-Control: max-age=31536000
                                        cf-cache-status: HIT
                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pTT3XDX3fQ1eO7jIq7G8DDyRgDOLiMVAxtx6gdGY9lyQufMGqYcOkXb1mlG8cDjxcfdyDeZoxFOK%2Bh67w8dkj8o9cySgjhERr5i0g82s7ebDFlwpI0qws65Li12XPyX9wzgzUuu3"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8fe424611c740cc2-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        server-timing: cfL4;desc="?proto=TCP&rtt=1682&min_rtt=1675&rtt_var=643&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1682027&cwnd=176&unsent_bytes=0&cid=353f7f27cfd6b905&ts=156&x=0"
                                        2025-01-07 13:02:25 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        28 | 192.168.2.18 | 49760 | 188.114.97.3 | 443 | 4404 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-07 13:02:26 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2025-01-07 13:02:26 UTC | 861 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:26 GMT
                                        Content-Type: text/xml
                                        Content-Length: 362
                                        Connection: close
                                        Age: 1569735
                                        Cache-Control: max-age=31536000
                                        cf-cache-status: HIT
                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B6h%2B6eTjyUVpk5AqAOQUY2qO0UpaTzs%2Bxz6Gf38%2BydHfB6kAADKaqksxsQmQpO90%2BoNuGZzQ5SEe%2B4jvEp2dltnXcBaDT4QabiddQq2vEZ8Fs6koi7zx0jnbqIXhLLXMATWMeAvD"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8fe424656fd243d5-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        server-timing: cfL4;desc="?proto=TCP&rtt=2177&min_rtt=2077&rtt_var=850&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1405873&cwnd=241&unsent_bytes=0&cid=cff21fba8bd052c7&ts=151&x=0"
                                        2025-01-07 13:02:26 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        29 | 192.168.2.18 | 49762 | 188.114.97.3 | 443 | 4404 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-07 13:02:27 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2025-01-07 13:02:27 UTC | 855 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:27 GMT
                                        Content-Type: text/xml
                                        Content-Length: 362
                                        Connection: close
                                        Age: 1569736
                                        Cache-Control: max-age=31536000
                                        cf-cache-status: HIT
                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=01kfXpzHgpEzNw8qv5CIER2m6%2Fpz9bvNngLiPMvdazI62Oho3NNGSjTxX9MLy2L%2BjCxEkjion7l1dTdzaUiNYsr6f7rTfFEexMnV7%2FWBzl1EhENj8cYSrChq5M8iaBauTYQbyC9M"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8fe4246cbb190fa1-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        server-timing: cfL4;desc="?proto=TCP&rtt=1508&min_rtt=1487&rtt_var=572&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1963685&cwnd=252&unsent_bytes=0&cid=bed1538d4f9be345&ts=138&x=0"
                                        2025-01-07 13:02:27 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        30 | 192.168.2.18 | 49764 | 188.114.97.3 | 443 | 4404 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-07 13:02:28 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2025-01-07 13:02:28 UTC | 859 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:28 GMT
                                        Content-Type: text/xml
                                        Content-Length: 362
                                        Connection: close
                                        Age: 1569737
                                        Cache-Control: max-age=31536000
                                        cf-cache-status: HIT
                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2CtZ%2BH2FCvxFnYrVxEoJc4%2BGKbfA6SilCoXM%2BXtilz8e8sU6FKIUPv%2FknSDJLu19oDVmyuiuDpubuF3Z7rj91dHf%2BVy7XcURmWU2Ci5SXKbckNqVmS6yTgGXf0FkwylF8IQAjtGu"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8fe424742d5fc3ee-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        server-timing: cfL4;desc="?proto=TCP&rtt=1481&min_rtt=1476&rtt_var=564&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1921052&cwnd=247&unsent_bytes=0&cid=895b6982ba0a9725&ts=155&x=0"
                                        2025-01-07 13:02:28 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        31 | 192.168.2.18 | 49767 | 188.114.97.3 | 443 | 4404 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-07 13:02:29 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2025-01-07 13:02:29 UTC | 857 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:29 GMT
                                        Content-Type: text/xml
                                        Content-Length: 362
                                        Connection: close
                                        Age: 1569738
                                        Cache-Control: max-age=31536000
                                        cf-cache-status: HIT
                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ycfI32JRLyOLBNiqUkkHZ8xnuRLgxNoVr3%2BJZ4A49joI%2Bp1kZ20JXT5OKZ6rQPKiL%2BRTtjp3KBQd8T7M1rKdVM32ZPQnfmYp2PbqVs%2Fev8RKy1iN6n4V7DnKzJEKxlHuVfsyKasp"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8fe4247bace57c81-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        server-timing: cfL4;desc="?proto=TCP&rtt=1769&min_rtt=1757&rtt_var=683&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1575822&cwnd=241&unsent_bytes=0&cid=9eade9b66bc6da6f&ts=147&x=0"
                                        2025-01-07 13:02:29 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        32 | 192.168.2.18 | 49768 | 188.114.97.3 | 443 | 6608 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-07 13:02:30 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2025-01-07 13:02:30 UTC | 857 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:30 GMT
                                        Content-Type: text/xml
                                        Content-Length: 362
                                        Connection: close
                                        Age: 1569739
                                        Cache-Control: max-age=31536000
                                        cf-cache-status: HIT
                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QPRETTQjCQcMHCdgaICq2qVfu53yLqduEdQwEHTx9ktGRLvfw1Ob3gzPyW%2Bx9IelYhVegM0SBx%2BZCSCpACpp1Y4DpGTThkgmhlQGkh25Ns6PkytPK%2FwQFHoW7lFTvfg25NN%2BRN48"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8fe424819f6443d6-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        server-timing: cfL4;desc="?proto=TCP&rtt=1746&min_rtt=1743&rtt_var=659&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1652518&cwnd=248&unsent_bytes=0&cid=43711b2e61356a2f&ts=158&x=0"
                                        2025-01-07 13:02:30 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        33 | 192.168.2.18 | 49769 | 188.114.97.3 | 443 | 6608 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-07 13:02:31 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        2025-01-07 13:02:31 UTC | 867 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:31 GMT
                                        Content-Type: text/xml
                                        Content-Length: 362
                                        Connection: close
                                        Age: 1569740
                                        Cache-Control: max-age=31536000
                                        cf-cache-status: HIT
                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ajoks1OcSt%2BBO2MlnZeujnlH%2FBB8FqAWplnJV4rpQzfguy5bNCO%2BmWWqMxl%2B3Pd7Epsa%2FTGY%2BTHlfeCw0CPXD%2BcS4WQnD%2BTW8DtzNcHxlKiPZWIqtwZYdao2KXTHms9wnMftA0%2Bk"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8fe424860a2c8ce6-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        server-timing: cfL4;desc="?proto=TCP&rtt=1943&min_rtt=1942&rtt_var=730&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1495901&cwnd=162&unsent_bytes=0&cid=37a14563a9bd6013&ts=140&x=0"
                                        2025-01-07 13:02:31 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        34 | 192.168.2.18 | 49771 | 188.114.97.3 | 443 | 6608 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-07 13:02:32 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2025-01-07 13:02:32 UTC | 861 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:32 GMT
                                        Content-Type: text/xml
                                        Content-Length: 362
                                        Connection: close
                                        Age: 1569741
                                        Cache-Control: max-age=31536000
                                        cf-cache-status: HIT
                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GpwPTyAw0EwO7i4qfFYX25ux7P4aaYF9m%2FKwQJpHjnvfKcUj5%2B168eRpi9o2XDhTVONncW1TPkRq0IKEikRCVShxe%2Bx3JPie9HrzS3YjTB%2BBBd8A%2B8ktpYCcO4Qnv3CHW%2Bt3Pg08"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8fe4248ddc887287-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        server-timing: cfL4;desc="?proto=TCP&rtt=1973&min_rtt=1966&rtt_var=751&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1443400&cwnd=191&unsent_bytes=0&cid=9d4f33ea72f29f14&ts=195&x=0"
                                        2025-01-07 13:02:32 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        35 | 192.168.2.18 | 49773 | 188.114.97.3 | 443 | 6608 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-07 13:02:33 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2025-01-07 13:02:34 UTC | 861 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:34 GMT
                                        Content-Type: text/xml
                                        Content-Length: 362
                                        Connection: close
                                        Age: 1569743
                                        Cache-Control: max-age=31536000
                                        cf-cache-status: HIT
                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3zmLu9hKr3WnKLCeDsJN8nyit1k1dGmRWXwAZ8SGfJit8m6V0ueF%2B0jYXopPaDLMX8CIm3ziDDh%2FH%2BS%2BU6cXlLZ9%2FRwSvk0wCSgl3SDHHdsHFZbgV9qh%2BBclzFqxw6TKkxnwhzrO"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8fe42496eb760cc0-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        server-timing: cfL4;desc="?proto=TCP&rtt=1711&min_rtt=1701&rtt_var=645&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1716637&cwnd=218&unsent_bytes=0&cid=ab6e66075caeb5e2&ts=141&x=0"
                                        2025-01-07 13:02:34 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        36 | 192.168.2.18 | 49775 | 188.114.97.3 | 443 | 6608 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-07 13:02:35 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2025-01-07 13:02:35 UTC | 857 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:35 GMT
                                        Content-Type: text/xml
                                        Content-Length: 362
                                        Connection: close
                                        Age: 1569744
                                        Cache-Control: max-age=31536000
                                        cf-cache-status: HIT
                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ba7oX6TQLGXxrHzkmzieb25E63PmehpS8n%2BDB%2Fb6l0NJmBbwaKxlZJJupPyTXoUwgRhT4UpnCEOaevBt2mvvuiVQydaOkSfaMktuOOKtS8b53dQ547%2FuuKuAnWhNfKqy5P%2FAezCJ"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8fe4249f8d7f43ab-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        server-timing: cfL4;desc="?proto=TCP&rtt=1646&min_rtt=1631&rtt_var=623&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1790312&cwnd=221&unsent_bytes=0&cid=3974edc1d68f3470&ts=158&x=0"
                                        2025-01-07 13:02:35 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        37 | 192.168.2.18 | 49778 | 188.114.97.3 | 443 | 6608 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-07 13:02:36 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2025-01-07 13:02:36 UTC | 849 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:36 GMT
                                        Content-Type: text/xml
                                        Content-Length: 362
                                        Connection: close
                                        Age: 1569745
                                        Cache-Control: max-age=31536000
                                        cf-cache-status: HIT
                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3EjZ6DuYYM2MNHb7o9dqG8MAeNODbp1bfppL2jF4dXRZ2ZB46nm4nlNSZ98sg2W9C5NJXehdv6lBFVz9UJaVFfZyUMAh0mtBwhDsELo2MAJuionCCEdpN4LHwdWnQDP3DkOqe4C5"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8fe424a678ac5e67-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        server-timing: cfL4;desc="?proto=TCP&rtt=1594&min_rtt=1591&rtt_var=603&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1805813&cwnd=243&unsent_bytes=0&cid=5992be57852198cb&ts=154&x=0"
                                        2025-01-07 13:02:36 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        38 | 192.168.2.18 | 49781 | 188.114.97.3 | 443 | 6608 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-07 13:02:37 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2025-01-07 13:02:37 UTC | 857 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:37 GMT
                                        Content-Type: text/xml
                                        Content-Length: 362
                                        Connection: close
                                        Age: 1569746
                                        Cache-Control: max-age=31536000
                                        cf-cache-status: HIT
                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j0gVVXjmMMuTIJJE8N%2BmSMl7VqRfKwSFrvoHzYCewUCxLRXVCXQrSyIhsTrP9Ki%2BxQ6nLoGyXf5EtF5Njsu2K5XwysR4c4dsltmPgj%2BR65YsBBrZbGPSQ5ZX1PDUf6NdH%2Be2FedZ"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8fe424ad1d6a4286-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        server-timing: cfL4;desc="?proto=TCP&rtt=1722&min_rtt=1721&rtt_var=648&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1684939&cwnd=252&unsent_bytes=0&cid=0b6f765e22ef8a38&ts=145&x=0"
                                        2025-01-07 13:02:37 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        39 | 192.168.2.18 | 49783 | 188.114.97.3 | 443 | 6608 | C:\Users\user\Desktop\Order_List.scr
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-07 13:02:38 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2025-01-07 13:02:39 UTC | 857 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 07 Jan 2025 13:02:39 GMT
                                        Content-Type: text/xml
                                        Content-Length: 362
                                        Connection: close
                                        Age: 1569748
                                        Cache-Control: max-age=31536000
                                        cf-cache-status: HIT
                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xsntdpT9Qa7hjnAzevNvbs0fmFQKibHUv%2BqS1B9Fr4YmuZ%2Fnue3igKHxPzDgn8KjMZ3T4x0k030%2F25iY4cT4oljMZJAThtDg%2FP1rg2b1VBjhLBKxh43wrTi8YNTiHQwXczAmPhDd"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8fe424b62fcec475-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        server-timing: cfL4;desc="?proto=TCP&rtt=1549&min_rtt=1508&rtt_var=595&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1936339&cwnd=181&unsent_bytes=0&cid=1914b5752ddc9c86&ts=141&x=0"
                                        2025-01-07 13:02:39 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                        Target ID: 1
                                        Start time: 08:01:00
                                        Start date: 07/01/2025
                                        Path: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                        Wow64 process (32bit): true
                                        Commandline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\New order 2025.msg"
                                        Imagebase: 0x5e0000
                                        File size: 34'446'744 bytes
                                        MD5 hash: 91A5292942864110ED734005B7E005C0
                                        Has elevated privileges: true
                                        Has administrator privileges: true
                                        Programmed in: C, C++ or other language
                                        Reputation: high
                                        Has exited: false

                                        Target ID:3
                                        Start time:08:01:01
                                        Start date:07/01/2025
                                        Path:C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
                                        Wow64 process (32bit):false
                                        Commandline:"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "B65E71DD-699D-4A31-947E-78B44A854717" "CB8A9D4D-D8A9-4176-AD4D-6D8604D2A761" "3528" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
                                        Imagebase:0x7ff70d980000
                                        File size:710'048 bytes
                                        MD5 hash:EC652BEDD90E089D9406AFED89A8A8BD
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:false

                                        Target ID:6
                                        Start time:08:01:12
                                        Start date:07/01/2025
                                        Path:C:\Windows\System32\OpenWith.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\OpenWith.exe -Embedding
                                        Imagebase:0x7ff660930000
                                        File size:123'984 bytes
                                        MD5 hash:E4A834784FA08C17D47A1E72429C5109
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        Target ID:15
                                        Start time:08:01:28
                                        Start date:07/01/2025
                                        Path:C:\Program Files\7-Zip\7zFM.exe
                                        Wow64 process (32bit):false
                                        Commandline:"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\user\Desktop\Order_List.rar"
                                        Imagebase:0x720000
                                        File size:952'832 bytes
                                        MD5 hash:30AC0B832D75598FB3EC37B6F2A8C86A
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Reputation:moderate
                                        Has exited:false

                                        Target ID:17
                                        Start time:08:01:52
                                        Start date:07/01/2025
                                        Path:C:\Users\user\Desktop\Order_List.scr
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\Desktop\Order_List.scr" /S
                                        Imagebase:0xfd0000
                                        File size:706'056 bytes
                                        MD5 hash:78A62A23291A3C7907E947BC9F270E09
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000011.00000002.1783811478.0000000004489000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000011.00000002.1783811478.0000000004489000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000011.00000002.1783811478.0000000004489000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                        • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000011.00000002.1783811478.0000000004489000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000011.00000002.1787660778.00000000078D0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                        Reputation:low
                                        Has exited:true

                                        Target ID:18
                                        Start time:08:01:55
                                        Start date:07/01/2025
                                        Path:C:\Windows\SysWOW64\schtasks.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FTlLqTRGrXZr" /XML "C:\Users\user\AppData\Local\Temp\tmp180E.tmp"
                                        Imagebase:0xb00000
                                        File size:187'904 bytes
                                        MD5 hash:48C2FE20575769DE916F48EF0676A965
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        Target ID:19
                                        Start time:08:01:55
                                        Start date:07/01/2025
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7c1080000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        Target ID:20
                                        Start time:08:01:55
                                        Start date:07/01/2025
                                        Path:C:\Users\user\Desktop\Order_List.scr
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\Desktop\Order_List.scr"
                                        Imagebase:0x880000
                                        File size:706'056 bytes
                                        MD5 hash:78A62A23291A3C7907E947BC9F270E09
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000014.00000002.2491373165.0000000002F67000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000014.00000002.2491373165.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation:low
                                        Has exited:false

                                        Target ID:22
                                        Start time:08:02:00
                                        Start date:07/01/2025
                                        Path:C:\Users\user\Desktop\Order_List.scr
                                        Wow64 process (32bit):true
                                        Commandline:C:\Users\user\Desktop\Order_List.scr /p 197754
                                        Imagebase:0xdc0000
                                        File size:706'056 bytes
                                        MD5 hash:78A62A23291A3C7907E947BC9F270E09
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Reputation:low
                                        Has exited:true

                                        Target ID:23
                                        Start time:08:02:03
                                        Start date:07/01/2025
                                        Path:C:\Windows\SysWOW64\schtasks.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FTlLqTRGrXZr" /XML "C:\Users\user\AppData\Local\Temp\tmp38E5.tmp"
                                        Imagebase:0xb00000
                                        File size:187'904 bytes
                                        MD5 hash:48C2FE20575769DE916F48EF0676A965
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        Target ID:24
                                        Start time:08:02:03
                                        Start date:07/01/2025
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7c1080000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        Target ID:25
                                        Start time:08:02:04
                                        Start date:07/01/2025
                                        Path:C:\Users\user\Desktop\Order_List.scr
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\Desktop\Order_List.scr"
                                        Imagebase:0x530000
                                        File size:706'056 bytes
                                        MD5 hash:78A62A23291A3C7907E947BC9F270E09
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000019.00000002.2462283908.000000000041B000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000019.00000002.2462283908.000000000041B000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000019.00000002.2496690861.0000000002B48000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000019.00000002.2496690861.0000000002991000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation:low
                                        Has exited:false

                                        Target ID:26
                                        Start time:08:02:10
                                        Start date:07/01/2025
                                        Path:C:\Users\user\Desktop\Order_List.scr
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\Desktop\Order_List.scr"
                                        Imagebase:0x500000
                                        File size:706'056 bytes
                                        MD5 hash:78A62A23291A3C7907E947BC9F270E09
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Reputation:low
                                        Has exited:true

                                        Target ID:27
                                        Start time:08:02:14
                                        Start date:07/01/2025
                                        Path:C:\Windows\SysWOW64\schtasks.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FTlLqTRGrXZr" /XML "C:\Users\user\AppData\Local\Temp\tmp60CF.tmp"
                                        Imagebase:0xb00000
                                        File size:187'904 bytes
                                        MD5 hash:48C2FE20575769DE916F48EF0676A965
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        Target ID:28
                                        Start time:08:02:14
                                        Start date:07/01/2025
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7c1080000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:29
                                        Start time:08:02:14
                                        Start date:07/01/2025
                                        Path:C:\Users\user\Desktop\Order_List.scr
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\Desktop\Order_List.scr"
                                        Imagebase:0xbc0000
                                        File size:706'056 bytes
                                        MD5 hash:78A62A23291A3C7907E947BC9F270E09
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000001D.00000002.2462387893.000000000041A000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000001D.00000002.2500727360.0000000003428000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000001D.00000002.2500727360.0000000003271000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        Has exited:false

                                        Target ID:30
                                        Start time:08:02:16
                                        Start date:07/01/2025
                                        Path:C:\Users\user\Desktop\Order_List.scr
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\Desktop\Order_List.scr" /S
                                        Imagebase:0xd00000
                                        File size:706'056 bytes
                                        MD5 hash:78A62A23291A3C7907E947BC9F270E09
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:31
                                        Start time:08:02:19
                                        Start date:07/01/2025
                                        Path:C:\Windows\SysWOW64\schtasks.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FTlLqTRGrXZr" /XML "C:\Users\user\AppData\Local\Temp\tmp74B5.tmp"
                                        Imagebase:0xb00000
                                        File size:187'904 bytes
                                        MD5 hash:48C2FE20575769DE916F48EF0676A965
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:32
                                        Start time:08:02:19
                                        Start date:07/01/2025
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7c1080000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:33
                                        Start time:08:02:19
                                        Start date:07/01/2025
                                        Path:C:\Users\user\Desktop\Order_List.scr
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\Desktop\Order_List.scr"
                                        Imagebase:0xf20000
                                        File size:706'056 bytes
                                        MD5 hash:78A62A23291A3C7907E947BC9F270E09
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000021.00000002.2499992401.0000000003679000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000021.00000002.2499992401.00000000034C1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        Has exited:false

                                        Target ID:37
                                        Start time:08:02:24
                                        Start date:07/01/2025
                                        Path:C:\Users\user\Desktop\Order_List.scr
                                        Wow64 process (32bit):true
                                        Commandline:C:\Users\user\Desktop\Order_List.scr /p 197890
                                        Imagebase:0x550000
                                        File size:706'056 bytes
                                        MD5 hash:78A62A23291A3C7907E947BC9F270E09
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:38
                                        Start time:08:02:27
                                        Start date:07/01/2025
                                        Path:C:\Windows\SysWOW64\schtasks.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FTlLqTRGrXZr" /XML "C:\Users\user\AppData\Local\Temp\tmp95CA.tmp"
                                        Imagebase:0xb00000
                                        File size:187'904 bytes
                                        MD5 hash:48C2FE20575769DE916F48EF0676A965
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:39
                                        Start time:08:02:27
                                        Start date:07/01/2025
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7c1080000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:40
                                        Start time:08:02:27
                                        Start date:07/01/2025
                                        Path:C:\Users\user\Desktop\Order_List.scr
                                        Wow64 process (32bit):false
                                        Commandline:"C:\Users\user\Desktop\Order_List.scr"
                                        Imagebase:0x3d0000
                                        File size:706'056 bytes
                                        MD5 hash:78A62A23291A3C7907E947BC9F270E09
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:41
                                        Start time:08:02:27
                                        Start date:07/01/2025
                                        Path:C:\Users\user\Desktop\Order_List.scr
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\Desktop\Order_List.scr"
                                        Imagebase:0xab0000
                                        File size:706'056 bytes
                                        MD5 hash:78A62A23291A3C7907E947BC9F270E09
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000029.00000002.2497138207.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000029.00000002.2497138207.0000000003129000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        Has exited:false

                                        Target ID:42
                                        Start time:08:02:30
                                        Start date:07/01/2025
                                        Path:C:\Windows\System32\ssText3d.scr
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\ssText3d.scr /p 197890
                                        Imagebase:0x7ff653620000
                                        File size:224'768 bytes
                                        MD5 hash:7631304F6B2B9DDCA51CE680A491A538
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:43
                                        Start time:08:02:34
                                        Start date:07/01/2025
                                        Path:C:\Windows\System32\ssText3d.scr
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\ssText3d.scr /p 197890
                                        Imagebase:0x7ff653620000
                                        File size:224'768 bytes
                                        MD5 hash:7631304F6B2B9DDCA51CE680A491A538
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:45
                                        Start time:08:02:46
                                        Start date:07/01/2025
                                        Path:C:\Windows\System32\OpenWith.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\OpenWith.exe -Embedding
                                        Imagebase:0x7ff660930000
                                        File size:123'984 bytes
                                        MD5 hash:E4A834784FA08C17D47A1E72429C5109
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:46
                                        Start time:08:02:51
                                        Start date:07/01/2025
                                        Path:C:\Program Files\7-Zip\7zFM.exe
                                        Wow64 process (32bit):false
                                        Commandline:"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\user\Desktop\Order_List.rar"
                                        Imagebase:0x720000
                                        File size:952'832 bytes
                                        MD5 hash:30AC0B832D75598FB3EC37B6F2A8C86A
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Has exited:false

                                        Target ID:47
                                        Start time:08:02:58
                                        Start date:07/01/2025
                                        Path:C:\Windows\System32\notepad.exe
                                        Wow64 process (32bit):false
                                        Commandline:"C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\AppData\Local\Temp\7zO4E440DCC\version.txt
                                        Imagebase:0x7ff654e50000
                                        File size:201'216 bytes
                                        MD5 hash:27F71B12CB585541885A31BE22F61C83
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Has exited:false

                                        No disassembly